Mauritius Cargo Community Services Ltd is registered with the Data Protection Office as a Controller – Registration No. C734 and as a Processor – Registration No. P213
MACCS is a public-private organization established in 2008 to deploy and operate information systems that aggregate, synchronize and secure supply chain processes for cargo stakeholders. In handling these different operations, MACCS endorses the role of both a data processor and a data controller. To meet DPA and GDPR obligations, it is required to implement appropriate data protection policies. Such policies must be effective and must demonstrate compliance and good practice. This policy describes how personal data are collected and processed to meet the organization’s data protection standards and comply with law.
MACCS is registered as both a controller and a processor with the Data Protection Office (DPO) and is committed to complying with the Data Protection Act 2017. MACCS also conforms to the General Data Protection Regulation (EU 2016/679 GDPR), when processing European citizens’ personal data.
How does MACCS receive your personal data
We may receive your personal data
What are Data collected
MACCS ensures data minimization in collecting and processing only necessary personal data for a limited amount of time. These data include name, address, contact number and other personal data as may be required for:
Registration to use our services
Data is collected during registration and for provisioning your accesses to our services.
Data is collected for billing and invoicing purposes and stored as per legal obligations.
Data is collected through your CVs submitted to us. The profiles of the unqualified job applicants are stored in our database for a period of six months and may be considered for vacancies during that time frame.
Employees’ personal data are required for employment and remuneration purposes.
Data is collected through information contained in manifest data provided by shipping lines, airlines, freight forwarders and other logistics and trade stakeholders.
Our websites and web applications may use authentication and or session cookies to enhance user experience.
Data are collected when users log tickets on the ticket portal to request support from MACCS.
Data collected as and when specific events are triggered.
To execute its function in operating the cargo community system (CCS) and related services. While some of the services require your consent for the processing of data, others such as providing advance cargo information are mandatory by law and are provided to the Authorities without consent. For more information, refer to:
As per section 3.3, personal data are disclosed to Authorities such as MRA Customs, Mauritius Ports Authority (MPA), Cargo Handling Corporation Ltd (CHCL) and other logistics stakeholders.
Personal data collected are stored in a secure infrastructure hosted locally and on a GDPR compliant cloud platform. Stringent controls are in place to prevent any alteration, accidental deletion, unauthorize accesses, disclosure and destruction of data on our infrastructure.
As per the Data Protection Act 2017, all individuals who are subject of personal data held by MACCS have the right to access their data, to obtain a copy of their data, to request their erasure or rectification and the right not to be subject to a purely automated decision without having their views taken into consideration. They also have the right to object to the processing, withdraw their consents and lodge complaints with the Data Protection Office should they consider that the data processing is in violation of the law.
Individual are reminded that as per section 37 (4) of the DPA, where personal data are not or have not been collected from the data subject, MACCS shall not be required to provide information where the processing is expressly prescribed by law or this proves to be impossible or involves a disproportionate effort.
Any queries regarding data protection must be addressed to dpo@maccs.mu
Requests will be answered within one month. However, if the requests are too complex or in case of too many other requests, the period to answer the queries may be extended by a further two months.
No administration fee shall be charged for considering and or complying with requests unless the request made is deemed to be manifestly excessive.
The websites and web applications may contain links to other websites which are not controlled by MACCS. When users navigate away from MACCS sites to visit other websites, MACCS cannot be responsible for the protection and privacy of any information which they provide on these sites and such sites are not governed by this policy statement.
All processing of personal data by MACCS are done in compliance with the Data Protection Act 2017 and GDPR.
This policy may be subject to change over time to reflect best practices in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 2017 and EU GDPR.