Privacy Policy: National AI Registry
This Privacy Policy explains how Mauritius Telecom Limited ("MT", "we", "our") collects, uses, shares and protects personal data in connection with the National AI Registry (the "Registry"). This Privacy Policy applies exclusively to the Registry.
1. DATA CONTROLLER
MT is the data controller for personal data processed through the Registry within the meaning of the Data Protection Act 2017.
2. PERSONAL DATA WE COLLECT
2.1 Provider Registration Data
When you register as a Provider (whether as an Organisation or Individual), we collect your name, job title (if applicable), work email address, telephone number, password (stored in encrypted form), and for Organisations — company name, registered address and business registration number.
2.2 Listing Content
AI solution descriptions, technical specifications, documentation, logos, branding and any other material submitted by Providers. Where this content includes personal data of identifiable individuals, it is processed in accordance with this policy.
2.3 Visitor Contact Data
When a Visitor submits an interest or contact form, we collect their name, email address, organisation name (if provided) and the content of their enquiry.
2.4 Technical Data
We automatically collect IP address, browser type, device type, operating system, pages visited, date and time of access, referring URL and session duration through cookies and similar technologies.
3. HOW WE USE YOUR DATA
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Creating and managing Provider accounts | Registration data | Contract performance |
| Reviewing submissions and publishing approved listings | Listing content, Provider identity | Legitimate interest |
| Transmitting Visitor enquiries to Providers | Visitor contact data | Consent |
| Assigning and displaying trust tier designations | Listing content | Legitimate interest |
| Platform security, maintenance and integrity | Technical data, all categories | Legitimate interest |
| Usage analytics and service improvement | Anonymised technical data | Legitimate interest |
4. DATA SHARING
We share personal data only in the following circumstances:
- With Providers — when a Visitor submits an enquiry about a listed solution, the Provider receives the Visitor's name, email and message.
- With Government authorities — if required by Mauritian law or a lawful order of the Data Protection Commissioner.
- With processors — hosting, email delivery and analytics services that process data on our behalf under written agreements compliant with the Data Protection Act 2017.
We do not sell personal data.
5. INTERNATIONAL TRANSFERS
All Registry data is stored on infrastructure located in Mauritius. Where a sub-processor operates outside Mauritius, we ensure appropriate safeguards are in place as required by the Data Protection Act 2017.
6. DATA RETENTION
| Data Category | Retention Period |
|---|---|
| Provider account and listing data | Duration of active account + 12 months after deletion request |
| Visitor contact form submissions | 24 months from submission |
| Technical / analytics logs | 12 months (then anonymised) |
7. YOUR RIGHTS
Under the Data Protection Act 2017, you have the right to:
- Access — obtain a copy of your personal data held by us.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your data (subject to legal retention obligations).
- Restriction — request that we limit processing in certain circumstances.
- Objection — object to processing based on legitimate interest.
- Portability — receive your data in a structured, machine-readable format.
To exercise any right, contact us with proof of identity. We will respond within 30 days.
8. COOKIES
The Registry uses strictly necessary cookies for authentication and session management. We do not use third-party advertising or tracking cookies. An optional analytics cookie may be deployed with your consent via a banner prompt.
9. SECURITY
We implement industry-standard measures including TLS encryption, hashed passwords, role-based access control, regular security audits and ISO 27001-aligned practices to protect personal data against unauthorised access, alteration or destruction.
10. CHANGES TO THIS POLICY
We may update this policy from time to time. Material changes will be communicated via a notice on the Registry. Continued use after a change constitutes acceptance of the updated policy.
11. CONTACT
Data Protection Officer Mauritius Telecom Limited Telecom Tower, Edith Cavell Street, Port Louis, Mauritius Phone: (+230) 203 7000