The website www.ileauxcerfsleisureisland.com is the property of Sun Resorts.
The privacy and security of your information is very important to us. We want you to trust that the information that you have provided to us is being properly managed and protected. We ask that you read this Privacy Notice carefully as it contains important information on how Sun Limited and/or its subsidiaries, affiliates and related entities (as may be applicable) (referred to as "Sun Resorts”, "we”, "us” or "our” in this Privacy Statement) treat the Personal Information you provide to us including how and why we collect, store, use and share your Personal Information, your rights in relation to your Personal Information and on how to contact us and the supervisory authorities in the event you have a complaint.
Who we are
This Privacy Statement is issued by Sun Limited and applies to all Personal Information collected by its subsidiaries, affiliates and related entities. We are the data controller of the Personal Information we collect from you.
What is Personal Information
The term "Personal Information" refers to any information that can be used to identify you as an
individual. It can include, amongst other things, your name, address, age, gender and your financial information.
What Personal Information is collected
In order to provide you with the services and fulfil your booking needs, depending on what services you require from us and/or how you use our website, we may collect the following information from you including:
- your name and contact details (including postal address, email, phone number)
- payment card details, when facilitating payment by card
- information about your travel, for instance when you choose to book airport transfer or require us to organize tours on your behalf
- more sensitive information about you, your health, religion or culture for instance when you require wheel chair access, special assistance or special dietary needs.
During your stay we will also record your itemized spending to be billed to your room and any communication which you have sent to us.
How we collect your Personal Information
We collect your Personal Information when you make a reservation at any of our resorts, either via our website or through our reservation team.
Our online reservation system is managed by Sabre Hospitality Solutions. When you make a reservation online, you will be asked to provide specific Personal Information, including your name, contact details and credit card number. This information will be sent to SynXis, the guest reservation system managed by Sabre Hospitality Solutions, through the booking “API”. At our end, we store the SynXis booking confirmation number and the email address used for the booking to enable you to modify your reservation at a later stage.
Collecting and Processing the Personal Data of a child below the age of 16 years
Where a reservation is made on behalf of a child who is under the age of 16 years, we shall not process the latter’s Personal Information, unless express consent is given by the parent or guardian of that child. Where the reservation is made by the child’s parent or guardian, we will request for relevant documentation to demonstrate a parent-child relationship. Where the reservation is not made by the child’s parent or guardian, we will request for written documentation to be issued from the child’s parent or guardian to signify their consent to us processing the child’s Personal Information.
How we use your Personal Information
We use your Personal Information only for the purposes described in this Privacy Notice, except if otherwise disclosed to you at the time of collecting your information or where otherwise authorized by law or by you.
We use the Personal Information that we collect to process your reservation, to provide you with a personalized service and meet all features of the service(s) you request at any of our resorts, to ensure we fully meet your needs while you are staying with us and/or to allow us to contact you in relation to matters that arise from your stay with us.
We may use the Personal Information you provide to send you newsletters regarding our resorts and to inform you of offers or other promotional information that may be of interest to you if you have expressly consented to us doing so. You can opt-out of receiving promotional materials from Sun Resorts at any time by unsubscribing either through our website or by writing to us at the address below.
We may also use the Personal Information that we collect to understand and analyze the trends and preferences of our guests, to improve our service, and to develop new products, services, features, and functionality. When this occurs, all identifiers are removed, and the aggregate information cannot be linked to any specific guests.
Who do we share your Personal Information with
We routinely share your Personal Information with the following persons:
- our employees for purposes of delivering the service or conducting internal analysis with a view to improving our services;
- our tour operators solely on your requests;
- our agents, contractors or third-party service providers who may receive your Personal Information in the course of providing the services to us and which we require in order to better serve your needs as a guest of our resorts.
We take great measures to ensure that all of your Personal Information is kept safely. We take steps to ensure that only designated persons have access to your Personal Information on a strictly need-to-know basis for purposes of rendering the services. Furthermore, all third persons with whom we share your Personal Information are under a contractual obligation with us to protect all Personal Information to which they have access.
We will also share your Personal Information without first obtaining your express consent as follows:
- with law enforcement and other statutory authorities if required by law;
- If required or authorized by law;
- If you have failed to pay your accounts or where we are required to initiate legal proceedings to recover damages suffered as a result of your actions or omissions;
- If we suspect any unlawful activities on your part.
- If your stay has been paid for by a third party, we will provide billing information to that third party.
Except as provided for above, we will not share your Personal Information with any third parties unless with your express consent.
Whether providing Personal Information is mandatory
The Personal Information that we require from you is to enable us to offer our services to you and to respond to your specific requests or needs. You are under no obligation to provide these information to us but if you don’t, we will be limited in the scope of the services which we can deliver to you.
How long do we store your Personal Information
Your Personal Information will be stored for as long required to fulfil our business purpose and for the period of time required by law in the jurisdiction of any hotel holding your Personal Information.
Legal basis for collecting your Personal Information
We are committed to collecting and using your information in accordance with applicable data protection laws.
We will only collect, use and share your Personal Information where we are satisfied that we have an appropriate legal basis to do this.
This may be because:
- you have provided your consent to us using the Personal Information for specified purposes;
- our use of your Personal Information is necessary to provide you with the service under our contract with you, for example, making and managing your booking and performing the services during your stay with us;
- our use of your Personal Information is necessary to fulfill our statutory obligations with our regulators, tax officials, law enforcement bodies, or otherwise meet our legal responsibilities;
- our use of your information is in our legitimate interest as a commercial organisation, for example to operate and improve our services and to keep people informed about our products and services (including for profiling and targeted advertising) - in which case we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to such processing at any time by sending us a request as detailed below.
Transfer of your Personal Information to another country
We may transfer your Personal Information to another country to work with our agents and advisers who we use to deliver the services to you or to comply with a legal duty. If and when we do, we will ensure that your Personal Information is protected by putting in place a contract with the recipient of the Personal Information to safeguard the data being transferred.
Under applicable data protection laws (including the Data Protection Act 2017 (Mauritius) and the General Data Protection Regulations), you have a number of important rights which you may exercise by writing to us at the address set out below, including your rights to receive a copy of your Personal Information, to amend, correct or in certain circumstances to erase your Personal Information or object to or restrict the processing of your Personal Information for specified purposes. However, to protect your Personal Information, we require that you prove your identity to us at the time the request is made, for instance by requesting for a copy of your government issued identification card. We may also require that you provide us with your other contact details or answer some other security questions to satisfy ourselves of your identity.
Upon receiving a request from you, we will use our best endeavours to reply to you as soon as possible within a month but our response time will depend on the complexity of your requests. We will respond to your requests free of charge unless if your request involves processing or retrieving a significant volume of data, or if we consider that your request is unfounded, excessive or repetitive in which case we reserve the right to charge a fee.
There may also be circumstances where we are not able to comply with your requests typically a request to erase your Personal Information or where you object to the processing of your Personal Information for a specific purpose or where you request that we restrict the use of your Personal Information - for instance where we need to keep your Personal Information to comply with a legal obligation or where we need to use such information to establish, exercise or defend a legal claim.
Keeping your Personal Information secured
We have appropriate security measures in place to prevent your Personal Information from being accidentally lost, or used or accessed in an unauthorised way, including appropriate encryption technologies. We limit access to your Personal Information to those who have a genuine business need to know it. Those processing your Personal Information will do so only in an authorised manner and will at all times be subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The Data Protection Act 2017 (Mauritius) and the General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority.
The supervisory authority in Mauritius is the Data Protection Commissioner who may be contacted at
The Data Protection Office
4th floor, Emmanuel Anquetil Building
Corner Sir Virgil Naz
However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.
Changes to this Privacy Notice
We may change this Privacy Notice from time to time. Any changes to this Privacy Notice will be uploaded on our website. Please note that changes of use will not apply retroactively to Personal Information for which you have given your explicit consent and which was acquired prior to the change in the Privacy Notice, except as may be required by law.
Kanuhura Drone Policy
While we recognize that we have guests who are drone enthusiasts, due to the safety and privacy concerns for our guests, Kanuhura Maldives prohibits the operation of unmanned aerial systems or drones (including model aircraft) on or above our three private islands (Kanuhura, Jehunuhura and Masleggihura)
Kanuhura Maldives may use drones for commercial purposes on sporadic occasions. In these instances, much care will be taken to minimize the impact on guests and to protect their privacy.
The user of Sun Resorts websites is advised that when they access this site, a cookie may be automatically installed on their browser and temporarily stored on the hard disk. A cookie is an element that does not identify the user but is used to record information about the navigation on this website.
the opportunity to access information on the usage profile of the user in order to offer a personalized service, and
to identify sections of the Sun Resorts website that the user has visited in order to anticipate their expectations for the development of this site.
The user of the sites and blogs of Sun Resorts acknowledges having been informed of this practice and authorizes Sun Resorts to use it. The user may deactivate this cookie using the settings in his or her browser.
All e-mailers may contain links to websites that collect personally identifiable information about you. Sun Resorts is not responsible or liable for the actions of such independent websites, and encourages you to review the privacy statements and policies of such websites to understand how they collect, use and store such information.
How to contact us
Please contact us if you have any questions about this privacy notice or the information we hold about you by writing to us at the following address:
Data Protection Officer
Ebene Skies, Rue de l’Institut
Email - firstname.lastname@example.org
Governing Law applicable to this Privacy Notice
As a legal entity incorporated under the laws of Mauritius, Sun Limited is registered as a Data Controller under the Data Protection Act 2017 (Mauritius) and is accordingly governed by the requirements of the national laws on data protection.