General Data Protection Regulation

The GDPR aims to protect individual privacy by ensuring that personal information is collected, used, and stored lawfully, fairly, and transparently. Our institution is committed to safeguarding the personal data of our students, staff, applicants, and wider community in full accordance with the regulation and with Data Protection Act 2017 (DPO).

As a data controller, our institution has clear obligations to manage all personal data securely, responsibly, and with respect for the rights of every individual. Our data protection policy can be accessed here.

Data Protection Policy

1. Purpose
Stephen Business School (SBS) is committed to protecting the privacy, confidentiality, and integrity of personal data relating to students, staff, applicants, partners, and stakeholders. This policy outlines how SBS collects, processes, stores, transfers, and safeguards personal data in compliance with the Mauritius Data Protection Act 2017 (DPA) and applicable international best practices.

2. Scope
This policy applies to all employees, consultants, contractors, students, academic partners, and third parties processing data on behalf of SBS. It covers personal data processed in both physical and electronic formats.

3. Data Protection Principles
The Institution acts as a Data Controller and is registered with the Data Protection Commissioner as required under Section 14 of the Act.
All processing complies with the principles in Section 21 DPA 2017, including:

  • Lawfulness, fairness, transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality

4. Types of Data Collected
SBS may collect personal identification details, academic records, visa and residence permit documentation, financial information, employment records, medical certificates (where required), and CCTV recordings for security purposes. Disciplinary records, Health or disability information (special category data).

5. Lawful Basis for Processing.
Processing is carried out under the lawful bases in Section 28 DPA 2017, including:

  • Performance of a contract (admission, enrolment, services)
  • Legal obligations (regulatory reporting)
  • Public interest (education delivery)
  • Consent (where required)
  • Legitimate interests (security, fraud prevention)

7. Data Collection and Use
Data is collected only for specified, explicit, and legitimate purposes as required by Section 23 DPA 2017. The Institution does not collect more data than necessary and does not use data for unrelated purposes.

6. Data Storage and Security
SBS implements appropriate technical and organisational measures including password-protected systems, restricted access controls, secure filing cabinets, regular data backups, and secure destruction of obsolete records.

Key Measures:

  • Encryption of Digital Records
    All sensitive data is encrypted both at rest and during transmission using secure protocols, ensuring protection against unauthorized access.
  • Access Controls and Authentication
    Access to systems is restricted through role-based permissions, strong password policies, and multi-factor authentication, with regular monitoring and review of user access.
  • Secure Physical Storage for Paper Records
    Confidential documents are stored in locked, access-controlled environments, with appropriate retention and secure disposal procedures in place.
  • Regular Security Audits
    Periodic internal and external audits are conducted to assess vulnerabilities, ensure compliance with data protection regulations, and strengthen security measures.
  • Staff Confidentiality Obligations
    All staff are bound by confidentiality agreements and receive ongoing training on data protection, ensuring responsible handling of sensitive information.

7. Data Retention
Personal data is retained for the duration of enrolment or employment and in accordance with regulatory, statutory, and audit requirements. Data no longer required will be securely destroyed[RSJ1.1].

8. Data Sharing and Transfers
SBS may share personal data with regulatory bodies, awarding bodies, government authorities, financial institutions, law enforcement bodies and professional advisors where required. International transfers will occur only with adequate safeguards in place.
Any transfer of personal data outside Mauritius complies with Section 36 DPA, which requires:

  • Appropriate safeguards, such as Standard Contractual Clauses or Binding Corporate Rules
  • Or explicit consent from the data subject after being informed of risks

The Institution ensures that third party service providers (e.g., cloud platforms, partner universities) meet required data protection standards.

9. Data Subject Rights
Individuals have the right to access, correct, request erasure of their data (where applicable), object to certain processing, withdraw consent, and lodge complaints with the Data Protection Office of Mauritius.
Requests must be submitted in writing and will be processed within statutory timelines.

10. Data Breach Management
In the event of a data breach, SBS will implement immediate containment measures, assess risk, notify relevant authorities where required, and inform affected individuals if necessary. All breaches are logged and investigated.

11. Responsibilities
The Director holds overall accountability. Managers ensure departmental compliance. Staff members must handle data securely. IT personnel are responsible for maintaining system security.
All staff must:

  • Handle personal data securely
  • Follow this policy and related procedures
  • Report suspected breaches immediately
  • Complete mandatory data protection training

12. Training and Review
SBS will provide periodic data protection training. This policy will be reviewed annually or as required by legislative changes.

Code of Conduct

1. Purpose
The Code of Conduct establishes the standards of behaviour expected from all members of Stephen Business School (SBS). It aims to promote professionalism, integrity, respect, and accountability across all academic and administrative activities.

2. Scope
This Code applies to:

  • All staff (full-time, part-time, consultants)
  • Students
  • Management
  • External partners, agents, and visitors interacting with SBS

3. Core Values
All members of SBS are expected to uphold the following values:

  • Integrity – Acting honestly and ethically
  • Respect – Valuing diversity and treating others with dignity
  • Professionalism – Maintaining high standards of conduct and responsibility
  • Accountability – Taking responsibility for actions and decisions
  • Excellence – Striving for continuous improvement

4. General Standards of Behaviour
All individuals must:

  • Act with honesty, fairness, and transparency
  • Treat others with courtesy and respect
  • Maintain a safe, inclusive, and non-discriminatory environment
  • Comply with SBS policies, procedures, and applicable laws
  • Avoid behaviour that may damage the reputation of SBS

5. Professional Conduct (Staff)
Staff are expected to:

  • Demonstrate professionalism in all interactions
  • Deliver teaching and services with competence and integrity
  • Maintain appropriate boundaries with students
  • Respect confidentiality of institutional and student information
  • Avoid conflicts of interest or disclose them appropriately

6. Student Conduct
Students are expected to:

  • Attend classes regularly and participate actively
  • Submit work honestly and on time
  • Respect lecturers, staff, and fellow students
  • Follow all academic and administrative rules
  • Use SBS facilities responsibly

7. Academic Integrity
SBS maintains a strict stance on academic honesty. The following are prohibited:

  • Plagiarism
  • Cheating during assessments
  • Falsification of documents or information
  • Collusion or unauthorised collaboration

Any breach will result in disciplinary action.

8. Respect and Inclusion
All members must:

  • Promote equality and inclusiveness
  • Refrain from discrimination, harassment, bullying, or victimisation
  • Respect cultural, religious, and personal differences

9. Use of SBS Property and Resources

  • SBS resources must be used responsibly and for legitimate purposes
  • Misuse, damage, or unauthorised use of facilities or equipment is prohibited

10. Confidentiality and Data Protection

  • Personal and institutional information must be handled with care
  • Confidential data must not be disclosed without proper authorisation
  • All individuals must comply with applicable data protection requirements

11. Communication and Social Media

  • Communication must remain professional and respectful at all times
  • Misrepresentation of SBS or damaging statements is prohibited
  • Social media use must not harm the reputation of SBS

12. Health and Safety

  • All individuals must comply with health and safety guidelines
  • Unsafe behaviour must be avoided and reported promptly

13. Disciplinary Measures
Failure to comply with this Code may result in disciplinary action, including:

  • Verbal or written warnings
  • Suspension
  • Termination of employment or expulsion
  • Legal action where applicable

14. Reporting Misconduct
Any misconduct should be reported through:

  • Line management
  • Student Services Office
  • Administration / HR

All reports will be handled confidentially and fairly.

15. Monitoring and Review
SBS will regularly review this Code to ensure it remains relevant and effective.

Equal Opportunity Policy

1. Policy Statement
Stephen Business School (SBS) is committed to providing an inclusive, respectful, and equitable environment for all students, staff, applicants, and stakeholders.
SBS ensures that no individual is treated less favourably on the basis of personal characteristics unrelated to merit, performance, or institutional requirements.
We promote a culture where diversity is valued, and equal opportunity is embedded in all academic, administrative, and operational practices.

2. Scope
This policy applies to:

  • All employees (full-time, part-time, consultants)
  • Students and prospective students
  • Applicants for employment or admission
  • External partners, agents, and stakeholders

3. Principles of Equal Opportunity
SBS is committed to:

  • Fair and transparent recruitment and admission processes
  • Equal access to education, training, and development opportunities
  • Merit-based decision-making
  • A learning and working environment free from discrimination, harassment, or victimisation
  • Respect for diversity and individual dignity

4. Prohibited Grounds of Discrimination
Discrimination (direct or indirect) is strictly prohibited on the basis of, but not limited to:

  • Gender or sex
  • Age
  • Ethnicity, race, or nationality
  • Religion or belief
  • Disability
  • Marital or family status
  • Sexual orientation
  • Socio-economic background
  • Political opinion

5. Recruitment and Admissions

  • All recruitment and admissions decisions will be based on qualifications, competence, and potential
  • Job advertisements and student recruitment materials will reflect SBS’s commitment to equal opportunity
  • Selection criteria will be applied consistently and fairly

6. Training and Development
SBS ensures that:

  • Staff have equal access to professional development and training
  • Students are provided with equal academic support and learning opportunities
  • Advancement is based on performance and capability

7. Harassment and Bullying
SBS maintains a zero-tolerance approach towards:

  • Harassment
  • Bullying
  • Victimisation

All individuals have the right to study and work in a safe and respectful environment.

8. Responsibilities

Management:

  • Ensure implementation and monitoring of this policy
  • Promote a culture of fairness and inclusion

Staff:

  • Treat colleagues and students with respect and fairness
  • Comply with this policy in all professional conduct

Students:

  • Respect diversity and uphold the values of SBS
  • Refrain from discriminatory behaviour

9. Reporting and Complaints
Any individual who believes they have experienced discrimination or unfair treatment is encouraged to report the matter through:

  • Line management
  • Student Services Office
  • HR/Administration

All complaints will be handled confidentially, fairly, and without retaliation.

10. Monitoring and Review
SBS will:

  • Regularly monitor practices to ensure compliance
  • Review this policy periodically to ensure alignment with legal and institutional requirements

11. Compliance
This policy aligns with applicable laws and regulations in Mauritius and reflects international best practices in education and employment.

Approved by: Dr Sita Jeeneea-Saminaden
Director, Stephen Business School
Effective Date: 05th January 2026
Next Review Date: 15th December 2026