Privacy Policy

Background and Scope

This website is operated by Rockmills Financials Ltd ("Rockmills" or "we" or "us" or the "Company"), a company licensed and regulated as a Management Company that offers formation and administration of Mauritian Global Business Companies, Authorized Companies, Collective Investment Schemes, Trusts and Foundations, together with supporting accounting,  secretarial, tax and business advice services . Please see the "ABOUT US" section on our website for more information about the Company.

Rockmills takes privacy and the protection of personal data very seriously, and we implemented relevant policies, processes and procedures, including this privacy policy (hereinafter referred to as "Privacy Policy") to demonstrate our commitment towards this. Going through this Privacy Policy, we explain how we collect, use and disclose personal data (as applicable) as required by prevailing legislations, or as we require for performing our contractual obligations, responsibilities and/or operating our business.


Please find below some terms and expressions as used in this Privacy Policy. These shall be interpreted in accordance with prevailing Data Protection Legislations, including but not limited to the Mauritius Data Protection Act 2017 and the General Data Protection Regulation 2016/679, as applicable.

"Consent" means any freely given specific, informed and unambiguous indication of the wishes of a data subject, either by a statement or a clear affirmative action, by which he signifies his agreement to personal data relating to him being processed;

"Data Subject" means an identified or identifiable individual, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual;

"Personal Data" means any information relating to a data subject;

"Restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future;

"Special Categories of Personal Data" means personal data pertaining to:

(a) racial or ethnic origin;

(b) political opinion or adherence;

(c) religious or philosophical beliefs;

(d) membership of a trade union;

(e) physical or mental health or condition;

(f) sexual orientation, practices or preferences;

(g) genetic data or biometric data uniquely identifying him;

(h) commission or alleged commission of an offence by him;

(i) proceedings for an offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any Court in the proceedings; or

(j) such other personal data as the Commissioner may determine to be sensitive personal data;

"Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

"Processing" means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"Processor" means a person who, or public body which, processes personal data on behalf of a controller;

"Third party" means a person or public body other than a data subject, a controller, a processor or a person who, under the direct authority of a controller or processor, who or which is authorised to process personal data.


Our Website

This Privacy Policy also relates to the use of our website, and will apply to the personal data that we collect and process about you while you are browsing same.

Note that there may be links to third party websites on our website. We do not have any control and accept no responsibility regarding the manner into which third party websites are operated, collect or process personal data. For privacy information relating to these other third party websites, we recommend that you consult their relevant privacy policies, as appropriate.

You may also consult our Cookies Policy for more information.

When do we collect personal information?

  • When you are enquiring or subscribing to any of our services;
  • When entering/ prior to entering any contractual relationship with you;
  • Upon client-onboarding;
  • When we retain the services of any service provider;
  • When you send us emails/ job applications / CV/ requests;
  • During meetings if we take notes or record meetings. To note that recording meetings is not our usual practice and we will ask your consent if we wish to do so;
  • When you use our website.

Collection and use of your personal information

The personal data collected and stored by us include, but are not limited to information relating to you/your client:

  • identification details (name, national identity number, gender);
  • contact details
  • email address;
  • phone number:
  • physical address;
  • professional details;
  • nationality;
  • country of residence;
  • information provided by yourself for recruitment purposes;
  • information provided by yourself for entering a contract with us;
  • details regarding feedbacks on our services;
  • technical details, including the Internet Protocol (IP) address used to browse our website, frequency of visits, or other similar details (see our Cookies Policy for more information)

Note that:

  • We may also collect personal data classified as Special Categories of Personal Data.
  • Our website is not intended for use by children [under the age of 16] and we do not knowingly collect or use personal information of children.

Purpose of processing

Kindly note that we use your personal data for the following:

  • For the performance of a contractual / pre-contractual agreement;
  • To abide by legal/compliance obligations imposed on us;
  • For recruitment purposes;
  • For business development activities;
  • For the enhancement of our services and your browsing experience.

Legal basis for Processing

For the processing of personal information, we are required to have a legal basis to rely on, which may vary depending on what information we process and why. The legal bases we may rely on include:

  • Consent

This is where you have expressly provided us with a clear consent for us to process your personal information for a specific purpose.

  • Contract

This is where the processing of your personal information is necessary for the performance of a contractual obligation between us, or because you requested us to take specific steps towards entering into a contract.

  • Legal Obligations

This is where we are legally obliged to process your personal information, in accordance with prevailing Laws.

  • Legitimate Interest

This is where we process your personal information for our legitimate interest.

With whom is your personal data being shared?

Your personal data may be shared with specific organizations, for the sole purpose of us performing our contractual or legal duties. In effect, your personal data may be shared with:

  • Postal services;
  • Regulatory authorities and/or any other relevant authorities;
  • The Bank;
  • Companies/ third parties you ask us to share your personal data with;
  • Service providers with whom we have a contractual service agreement with (including IT service providers);
  • Affiliate companies of the Company (where applicable);
  • Professionals for the performance under a letter of engagement (including auditors and accountants).

Disclosure of personal data to third parties may occur for one or more of the below reasons:

  • For the performance of our legal/ compliance/ reporting obligations;
  • In the event where we receive a legal request and/or in the course of an investigation where disclosure is necessary to prevent a crime from occurring, or to comply with any piece of legislation or Court order;
  • On your instructions;
  • If we outsource some or all of the operations of our business to third party service providers, as we do from time to time. In this specific case and for the legitimate interest of our Company, we may disclose personal data to these service providers who process these data on behalf of and under the instruction of the Company only. Note that we restrict how service providers access, use, disclose and protect data remitted to them;
  • In general, for the performance of our duties and/or for the legitimate interest of our business.


Transfer of personal data outside Mauritius

Your personal data may be transferred outside Mauritius where same is necessary for the performance of a contract we have with you. Note however that in case of transfer of your personal data outside Mauritius (if applicable), we ensure that all appropriate safeguards are in place to cater for appropriate security of the data, and relevant steps are taken in accordance with provisions of the Law.


Cookies and similar technologies

A cookie is a small text file that is placed on the device you use to browse our website (example a computer, laptop, smartphone or tablet or any other such electronic device). We use cookies on our website to, among other things, help us enhance your browsing experience by, for example, remembering your preferences or past actions. We invite you to go through our Cookies Policy for more information about the type of cookies we use, why we use them and how to prevent cookies from being placed on your electronic device.


We would like to send you information about our services that we think would be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, or telephone, as the case requires.

We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes/fill in the relevant consent form sent to you by us. If you have previously agreed to being contacted this way, you can unsubscribe at any time by:

  • Contacting us at This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Using the unsubscribe link in emails

You may also contact us on the above email address if you wish to update your marketing preferences, that is choose what marketing messages, about which specific services you would be interested to receive. Note that the change in preferences may take up to 5 working days to take place. For more information on your rights with regards to marketing, please see "Your Rights" below.

Your Rights

Data subjects have specific rights under the Mauritius DPA and the EU GDPR. In summary, those include:

  • Right of Access

You have the right request a confirmation from us as to whether or not we process your personal data and forward you a copy of same. You also have the right to certain other supplementary information that this Privacy Policy is already designed to address.

  • Right to Rectification

You have the right to have your incomplete personal data completed.

  • Right to erasure

This provides for the right to have your data erased in case the processing of your personal data is not justified.

  • Right to restrict

You have the right to restrict the processing of your personal data.

  • Right to object

You have the right to object to the processing of your personal data.

  • Withdrawal of consent

You have the right to withdraw your consent at any point in time, if your consent was required for the processing of your personal data.

  • Right to Complaint

You have the right to lodge a complaint to the Mauritius Data Protection Office regarding the processing of your personal data by us.

  • Automated processing

You have the right not to be subject to a decision based solely on an automated processing of your personal data, including profiling, which produces legal effects on you.

If you would like to exercise any of those rights, please send an email to our Data Protection Officer on This email address is being protected from spambots. You need JavaScript enabled to view it. or +230 2126946. Note that we may, at our discretion, verify your identity by requiring a proof of your identity before addressing your request.

Keeping your information secure

We take the security of your data very seriously and, as such, we have incorporated appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business requirement to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality and to our own security policies and procedures.

Some of these measures are as follows:

  • There are restricted access to our office premises, and only our authorized employees have access;
  • If personal data is retained in hard copy, same is kept in locked filing cabinets;
  • All staff have followed relevant awareness sessions on protection of personal data and same is provided on a regular basis;
  • We have established policies and procedures for security of data internally, to which our staff are obliged to adhere to in their daily tasks. Such policies and procedures include, among other things, clean desk policy, screen locking, encryption of data/documents, usage of IT devices/equipment among others;
  • Our IT system incorporates enhanced security measures that are reviewed and updated on a regular basis. This comprises of firewalls, anti-virus and other related scanning software;
  • Where we contact service providers to outsource any function necessary for our operations, we ensure that they only have access to information they require for the performance of the contract, and that we have binding contractual clauses specific to data protection in place.

We also have procedures in place to deal with any suspected data security breach. In case any breach occurs, we will notify you and the Data Protection Office where we are legally obliged to do so.

Note that the above is a non-exhaustive list of security measures in place to safeguard personal data.

How long do we keep your information?

We retain your information in accordance with our retention policy, and as required by relevant laws. As such, your personal data will not be stored for a period longer than is reasonably necessary for the purpose for which it was collected.

How to Complain

We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information. Do not hesitate to contact him on This email address is being protected from spambots. You need JavaScript enabled to view it. or on +230 263 23 23 should you require any further information or wish to complain about the processing of your personal data by our Company.

You also have the right to complain directly to the Data Protection Office (

Changes to this Privacy Policy

This Policy was published to provide you with all information you should legally know about the manner into which we process your personal data. We may change this Policy from time to time without prior notice. If changes occur with regards to the specific processing of your information, we will inform you via email directly.

How to contact us

Please contact our Data Protection Officer (contact details below) should you require any further information, exercise your right or complain about the processing of your personal data.

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Telephone: +230 2126946