PRIVACY POLICY

Last Updated: 08/15/2025

1. Introduction


MARS Marketing Caribbean Ltd (“we”, “us”, “our”) values your privacy and is committed to handling your personal information with care and transparency in accordance with the Barbados Data Protection Act 2019-29 (the “Act”). This policy describes how we collect, use, store, and protect your information.

 

2. Definitions & Scope

Personal Data: Any information that identifies you, alone or with other data.

Sensitive Personal Data: Includes data like financial records, biometric data, sexual orientation, etc., as defined under the Act.

This policy applies to all personal data processed by us in Barbados or in connection with offering goods or services to individuals in Barbados.

 

3. Data Protection Principles


We adhere to the following core principles: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, and security.

 

4. Lawful Basis for Processing


We process your data only when:

  • It’s necessary to fulfill a contract.
  • You’ve consented (for marketing or sensitive data);
  • We’re complying with legal obligations;
  • We have legitimate interests that don’t unjustly affect your rights.


5. Consent & Transparency

We collect and process your data only with your informed and specific consent. You will be provided with clear information on who is processing the data, why, how long it will be kept, third-party recipients, transfer destinations, access and deletion rights, and more.

 

6. Data Subject Rights


You have the right to access, correct, delete your data, object to processing, or withdraw consent. We will respond to your requests promptly and in line with the Act’s requirements.

 

7. Data Protection Officer (DPO)


We have appointed (or will appoint, where applicable) a Data Privacy Officer with the necessary expertise, in compliance with the Act.

 

8. Security and Data Protection by Design


We implement appropriate technical and organizational safeguards to protect your data, following the “Privacy by Design and Default” principles.

 

9. Data Breach Notification


In case of a data breach, we’ll notify the Data Protection Commissioner within the timeframes required by the Act (e.g., within 3 days) and, where necessary, communicate the breach to affected individuals.

 

10. Cross-Border Data Transfers


If we transfer data outside Barbados, we ensure adequate protections are in place—such as recognized adequacy, enforceable contractual clauses, or other safeguards mandated by the Act.

 

11. Retention of Data


Your data is kept only as long as necessary for the purposes collected. Retention periods, or criteria to determine them, will be clearly stated to you.

 

12. Registration & Enforcement


While some provisions, like registering as a data controller/processor, are not yet enforced, we commit to compliance once active.

 

14. Updates to This Policy


We may update this policy to reflect legal or operational changes. Any changes will be posted on our site with the updated date.

Shopping Cart
Scroll to Top