Privacy Policy

Last Updated Date:1 January 2026.

Idatco Limited (“we,” “us,” or “our”) is a company duly incorporated and registered in Mauritius as a Global Business Company.

We are committed to protecting your privacy and handling your personal data responsibly in accordance with the Data Protection Act 2017 (DPA 2017) and applicable laws.

This Privacy Policy explains how we collect, use, disclose, transfer, and protect personal data when you visit our website (www.idatco.co), contact us, or interact with our services.

It applies to all personal data we process as a data controller.

1. Data Controller

Idatco Limited
8th Floor, The Core, 62 ICT Avenue, Cybercity, Ebene 72201, Mauritius
Email: [email protected]

We have not appointed a Data Protection Officer, but you can contact us at the above email for any privacy queries.

2. Personal Data We Collect

We collect the following categories of personal data:

  • Directly provided data: Name, email address, phone number, company name, and any other information you provide when contacting us via forms, email, or other means on the website.
  • Automatically collected data: IP address, browser type and version, device information, operating system, referring pages, pages visited, time and date of visit, and other technical data collected through cookies, server logs, and similar technologies.
  • No sensitive personal data (e.g., health, racial/ethnic origin, political opinions) is collected via the website.

We do not knowingly collect personal data from children under 16 years of age. Our website is not directed at children.

3. How We Collect Personal Data

  • Directly from you (e.g., contact/subscription forms).
  • Automatically via your use of the website (cookies, analytics tools).
  • Indirectly from third-party sources (e.g., analytics providers) where permitted.

4. Purposes and Legal Basis for Processing

We process your personal data for the following purposes and on the following legal bases under the DPA 2017:

  • To respond to your inquiries, provide information, or perform pre-contractual steps — legal basis: performance of a contract or steps prior to entering a contract (Section 22 DPA).
  • To operate, maintain, secure, and improve our website and services (including analytics) — legal basis: our legitimate interests (Section 22 DPA), provided they are balanced against your rights and freedoms.
  • To send marketing communications (if you opt in) — legal basis: your consent (Section 22 DPA).
  • To comply with legal obligations, respond to legal requests, or protect our rights/property/safety — legal basis: legal obligation or legitimate interests.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance functionality, analyze usage, and personalize content.
Essential cookies are necessary for the site to function; others (e.g., analytics) require your consent.

You can manage preferences via our cookie banner or browser settings. For details, see our Cookie Policy.

6. Data Sharing and Recipients

We do not sell, rent, or lease your personal data.

We may share data with:

  • Service providers/processors (e.g., website hosting, cloud storage, analytics providers such as Google Analytics) who are bound by confidentiality and DPA-compliant agreements.
  • Legal authorities, regulators, or courts when required by law.


7. International Data Transfers

As a Mauritius-based company with global operations and service providers, your personal data may be transferred to and processed outside Mauritius (e.g., in countries where our processors are located).
Such transfers are protected by appropriate safeguards, including:

  • Countries with adequacy decisions (if applicable).
  • Standard contractual clauses or other approved mechanisms under the DPA 2017.

 

By using our website, you acknowledge these transfers may occur.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes above, or to meet legal, accounting, or reporting obligations. 

After this, data is securely deleted, anonymized, or destroyed.

9. Security of Your Personal Data

We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, destruction, or alteration, in line with DPA requirements. However, no internet transmission or storage method is 100% secure, and we cannot guarantee absolute security.
 

10. Your Rights Under the Data Protection Act 2017

You have the following rights (subject to conditions in the Act):

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete data.
  • Erase data (right to be forgotten) in certain circumstances.
  • Restrict processing.
  • Object to processing based on legitimate interests or for direct marketing.
  • Data portability (receive your data in a structured format).
  • Withdraw consent at any time (where processing is based on consent), without affecting prior lawfulness.
  • Not be subject to solely automated decisions with legal or significant effects (we do not currently engage in such processing).


To exercise these rights, contact us at [email protected]. We will respond within one month (extendable under the DPA).

No fee is usually charged unless requests are manifestly unfounded or excessive.
 

You also have the right to lodge a complaint with the Data Protection Commissioner at the Data Protection Office:
Website: https://dataprotection.govmu.org/

11. Third-Party Links

Our website may link to third-party sites. We are not responsible for their privacy practices. Review their policies separately.

12. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices or law. Changes will be posted here with the updated “Last Updated” date. Review periodically.

13. Contact Us

For questions, concerns, or to exercise your rights:
Email: [email protected]