1. Introduction

This website is owned by Superdist Sarl (hereafter “Superdist”), and is operated, hosted and maintained by us.

We are committed to safeguarding the privacy of our website visitors and service users. As a result, we would like to inform you regarding the way we would use your personal data, as is required by the European Union General Data Protection Regulation (hereafter the “GDPR”) and the Data Protection Act 2017 (hereafter the “DPA”). We recommend you read this Privacy Notice so that you understand our approach towards the use of your personal data.

Our Privacy Notice sets out the types of personal data we collect, how we collect and process that data, who we may share this information with and the rights you have in this respect.

This notice applies where we are acting as a data controller with respect to the personal data of our website visitors, physical site visitor, existing or potential clients, resellers, end users, business partners, suppliers, service providers and their representatives, among others. As data controller, we determine the purposes and means of the processing of that personal data. We also comply with our obligations as a data processor under the DPA and the GDPR.

By using our website, you acknowledge that you have read and understood the terms of this Privacy Notice.

In this notice, "we", "us" and "our" refer to Superdist.

2. Who we are

Superdist is a subsidiary company of the Unidist Company (Lebanon) and an associate company of the ENL Commercial (Mauritius). The Unidist Group is present in some 50 countries of Africa, Middle East, DOM/TOM and Indian Ocean islands. Since its creation in 1998, Superdist has been a leading wholesale distributor of information technology (IT) products in Mauritius.

The company is an authorized distribution partner of world’s leading IT manufacturers including HP Inc, HP Enterprise, IBM, Oracle, Microsoft, Netapp, Acer, D-Link, Supermicro etc. It is also an authorized service partner for HP. Superdist Limited does import and sell a broad range of IT hardware products to a network of 350 business partners, comprising of major value-added resellers, system integrators, corporate resellers and consumer electronics / IT retailers in the region.

3. The data we collect

The type of data we collect will depend on the purpose for which it is collected and used. We will only collect data that we need for that purpose.

We collect data directly from you where you provide us with your personal details, for example when you purchase or supply a product or services to or from us or when you submit enquiries to us or contact us. Where possible, we will inform you what data you are required to provide to us and what data is optional.

The types of personal data that are collected and processed may include:

Categories of Personal Data Details
Contact details First name, surname, address, email address, office phone, cell phone, fax number
Identification details Identity card number
Other CCTV footage, Photographs and Videos for events

4. How and why we use your data

We will collect and use your personal data only for the purposes for which it was collected or agreed with you. We have set out in the table below the legal basis of processing for each purpose.

Purpose Lawful basis for processing
To respond to your queries or comments, and take appropriate remedial actions regarding your complaints Legitimate interests of Superdist, namely the proper administration of our website and business
To carry out our obligations arising from any contracts entered between you and us Performance of our contract with you or to take steps at your request before entering into a contract
To comply with legal and regulatory requirements Legal obligation
In connection with legal proceedings Legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others
To manage our business relationship with you as client, customer, supplier, service provider or investor Legitimate interests, namely the proper management of our customer relationships
To contact you regarding products and services provided you have given us consent to do so or you have previously requested a product or service from us and the communication is relevant or related to that prior request and made within any timeframes established by applicable laws Consent
To notify you about changes to our service Legitimate interests of Superdist namely the proper administration of our website and business as well as monitoring and improving our website and services
To conduct sales via website Performance of our contract with you or to take steps at your request before entering into a contract
For customer registration To take steps at your request before entering into a contract
For invoicing Performance of our contract with you
To organise events and publish photographs/videos on social media provided you have given us consent to do so Consent
For ordering of parts Performance of our contract with you
For warranty upliftment Performance of our contract with you
For creation of entry forms in case of after sales services Consent
For creation of repair work order and/or service work order Consent
CCTV footage Legitimate interests of Superdist, namely for ensuring physical security and proper conduct on our premises

5. Disclosure of personal data

We may disclose your personal data to our business partners who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with these privacy terms.

We may share your personal data with, and obtain data about you from:

  • Third parties for the purposes listed above (including supplier of products, lawyers, IT firms, banks and auditors who provide legal, banking and auditing services);
  • Resellers, for warranty upliftment, engineer’s report and end-user form; and
  • Other companies including Interdist Alliances, Hewlett-Packard (HP) and ENL Group for the purposes listed above to enhance the services and products that we offer to you.

We may also disclose your data:

  • Where we have a duty or a right to disclose in terms of law or industry codes; or
  • Where we believe it is necessary to protect our rights.

6. International transfers

In the event the third parties to whom we may disclose your personal data are located outside of Mauritius, those transfers would always be made in compliance with the GDPR and the DPA.

If you would like further details of how your personal data would be protected if transferred outside of Mauritius, please contact our Data Protection Committee (hereafter the “DPC”) by referring to section 11.

7. Personal data security

We are legally obliged to provide adequate protection for the personal data we hold and to stop unauthorised access and use of personal data. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal data is secure.

Our security policies and procedures cover:

  • Acceptable usage of personal data;
  • Access to personal data;
  • Computer and network security;
  • Governance and regulatory issues;
  • Investigating and reacting to security incidents.
  • Monitoring access and usage of personal data;
  • Physical security;
  • Retention and disposal of data;
  • Secure communications;
  • Security in contracting out activities or functions.


When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal data that we remain responsible for, is kept secure.

We will ensure that anyone to whom we pass your personal data agrees to treat your data with the same level of protection as we are obliged to.

8. Your data protection rights

Under the GDPR/DPA, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

8.1 Your right to erasure of your personal data

You have the right to ask us to delete your personal data in certain circumstances:

When we no longer need your personal data;

  • If you initially consented to the use of your personal data, but have now withdrawn your consent;
  • If you have objected to us using your personal data, and your interests outweigh ours;
  • If we have collected or used your personal data unlawfully; and
  • If we have a legal obligation to erase your data.

Where we collect personal data for a specific purpose, we will not keep it for longer than is necessary to fulfil that purpose, unless we have to keep it for legitimate business or legal reasons. Your personal data will normally be deleted or destroyed in accordance with their respective retention periods as indicated in Annex B’s Records Retention and Disposal Schedule. When we delete data from our services, no residual copies remain on our servers. In order to protect data from accidental or malicious destruction, data from our backup systems are also deleted during our daily backup overwrite.

8.2 Your right of access to your personal data

You have the right to request a copy of the personal data we hold about you. To do this, simply contact our DPC (refer to section 11) and specify what data you would like. We will take all reasonable steps to confirm your identity before providing details of your personal data.

You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

8.3 Your right to rectification of your personal data

You have the right to ask us to update or correct your personal data if you think it is inaccurate or incomplete. We will take all reasonable steps to confirm your identity before making changes to personal data we may hold about you. We would appreciate it if you would take the necessary steps to keep your personal data accurate and up-to-date by notifying us of any change we need to be aware of.

8.4 Your right to restriction of processing

You have the right to ask us to limit how we use your data. If necessary, you may also stop us from deleting your data. To exercise your right to restriction, simply contact our DPC (refer to section 11), say what data you want restricted and state your reasons. You may request us to restrict processing of your personal data in the following circumstances:

  • If you have contested the accuracy of your personal data, for a period to enable us to verify the accuracy of the data;
  • If you have made an objection to the use of your personal data;
  • If we have processed your personal data unlawfully but you do want it deleted;
  • If we no longer need your personal data but you want us to keep it in order to create, exercise or defend legal claims.

8.5 Your right to object to processing

You also have the right to object to us processing your personal data where your data is being used:

  • For a task carried out in the public interest;
  • For our legitimate interests;
  • For scientific or historical research, or statistical purposes; or
  • For direct marketing.

You should contact our DPC (refer to section 11) to inform us that you are objecting to any more processing of your personal data and state in your objection why you believe we should stop using your data in this way. Unless we believe we have strong legitimate reasons to continue using your data in spite of your objections, we will stop processing your data as per the objection raised.

8.6 Your right to data portability

The right to data portability allows you to ask for transfer of your personal data from one organisation to another, or to you. The right only applies if we are processing information based on your consent or performance of a contract with you, and the processing is automated. You can exercise this right with respect to information you have given us by contacting our DPC (refer to section 11). We will ensure that your data is provided in a way that is accessible and machine-readable.

9. Definition of personal data

Personal data is any data from which you can be identified, and which relates to you.

10. Changes to this notice

This Privacy Notice may be updated from time to time and we will notify you of same by email or through automatic pop-ups on our website. This version is dated 17th February 2020.

11. How to contact us

We have appointed a DPC to oversee compliance with and questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the details set out below:

Email Phone number
DPC-Superdist@hiperdist.com 286 9000

 

You have the right to complain to the Data Protection Office if you believe we have not handled your request in an appropriate manner.

ANNEX A: RECORDS RETENTION AND DISPOSAL SCHEDULE

Categories of Personal Data Purpose Retention period
Contact details Events, Ordering, Customer Meetings, Customer Registration 7 years after termination of business relationship
Invoicing 7 years after termination of business relationship
Ordering of parts, Warranty Upliftment 7 years after termination of business relationship
Events 7 years after termination of business relationship
Entry form, Repair Work Order, Service Work Order, Quotation, Invoicing 7 years after termination of business relationship
Identification details Customer Registration 7 years after termination of business relationship
Others CCTV 30 days before it is securely destroyed
Events 7 years after termination of business relationship