1. Introduction
• This website is owned by International Card Processing Services Ltd (hereafter “ICPS”, “we”, “us”
or “our”).
• We are committed to safeguarding your privacy and strive to ensure that your personal data is
processed in a lawful, fair, and transparent manner.
• This Privacy Notice informs you on how we process your personal data in accordance with the
European Union General Data Protection Regulation (hereafter the “GDPR”) and the Mauritius
Data Protection Act 2017 (hereafter the “MDPA”).
• This notice applies where we are acting as a data controller and data processor with respect to
the personal data of our website visitors, physical site visitors, service users, prospects, clients,
service providers, and their representatives, among others.
We recommend you read this Privacy Notice so that you understand our approach towards the
use of your personal data..
2. Who we are
• ICPS, a subsidiary of HPS Group, was founded in 2008 as a joint venture between MCB Group and
HPS Group. The company is now fully owned by the latter since 2021. We provide state-of-the-art
technology in Switching and Card Management Systems enabling banks to achieve economies of
scale in outsourcing their card processing activities.
• We are registered in Mauritius as both a controller and processor under registration number
C081123 and P569, respectively.
• Our principal place of business is at: 7th Floor, The Docks 2, Caudan St, Port Louis 11307, Republic
of Mauritius..
3. Personal data we may collect about you
• Personal data is any data from which you can be identified and which relates to you.
• The type of data we collect will depend on the purpose for which it is collected and used. We will
only collect data that we need for that purpose.
• We may collect your personal data in the following ways:
(a) When you give it to us directly for e.g. you use any of our services, you provide or offer
to provide services to us, you correspond with us and provide us with your information
or you visit our premises.
(b) When we obtain it indirectly for e.g. information is shared with us by third parties. In
such a case, the third party must confirm that you have consented to the disclosure of
your personal data to us.
(c) When it is available publicly for e.g. depending on your privacy settings for social media
services, we may access information from those accounts or services (for example when
you choose to interact with us through platforms such as LinkedIn).
(d) When you browse and/or interact on our website.
• The information you provide to us will include (depending on the circumstances):
• Identity and contact details: title, names, addresses, email addresses, phone numbers or your
signature, IP address, and Company Name.
• Account profile data: a username/display name, and password.
• Conference registration details: the company/organisation you work for, job title/position,
language preferences, your name, your email, your age, your gender, your job function, your
experience, your opinions and why you are attending the conference and what you hope to
learn your accessibility needs.
• Financial data: payment details, which may include billing addresses, bank account
information.
• Employment and background data: if you apply for employment on our sites, your academic
and work history, qualifications, skills, projects and research that you are involved in,
references, proof of your entitlement to work in the relevant country, and any other such
similar information that you may provide to us.
• Information From Other Sources
In certain circumstances, we will receive information about you from other sources, including third
parties. For example, we may receive personal information from any of the following,
• Other website users.
• Event attendees.
• Commercial contact lists that we acquire from other organisations.
• Organisations that we acquire or merge with.
• Organisations with whom we provide co-branded events, websites, products, and services.
• Social media plugins. By providing your social media account details you are authorising that
third-party provider to share with us certain information about you.
• Publicly available sources such as LinkedIn.
4. Cookies
We use cookies on our website. Please refer to our Cookie Policy, available at cookie policy, which covers in detail the aspects of cookie usage and the
purposes for which we use cookies.
5. How we use your personal data
ICPS will only use your personal data for the purposes for which it was collected or agreed with you. We
will not use your personal data for any automated individual decision making which will have a significant
impact on you.
We have set out below the legal basis of processing for each purpose.Note that we may process your
personal data for more than one lawful ground depending on the specific purpose for which we are using
your personal data.
| Purpose of processing | Legal basis |
|---|---|
| For marketing services that may be of interest to you. | Legitimate interests, namely for business development purposes. |
| For offering, supplying, and selling relevant services to you, including for training of external clients, for sale and pre-sale purposes as well as for portfolio follow-up. | Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. |
| For payment and billing purposes. | Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. |
| To make statutory returns with the MRA. | For compliance with a legal obligation to which we are subject to. |
| For record-keeping.. | For compliance with a legal obligation to which we are subject to, such as internal/external audit and retention periods. |
| To analyse the use of our website. To allow us to properly operate our website. | Consent. Legitimate interests, namely for operating our website and to distinguish between humans and bots who interact with our website. |
| To monitor compliance with our policies and standards. | Legitimate interests, namely of monitoring and improving our website, business and services. |
| To ensure the security of our website and services and maintain back-ups of our databases. | Legitimate interests, namely the proper administration of our website and business. |
| To manage our relationships with customers, communicating with customers, and keeping records of those communications. | Legitimate interests, namely for the proper management of our customer relationships. |
| To confirm and verify your identity when you request to access, rectify, restrict, or delete the information we hold on you. | For compliance with a legal obligation to which we are subject, that is, to verify the identity of a data subject who requests access. |
| To reply to any requests, complaints, comments, or enquiries you submit to us regarding our services and notify you about changes to our service. | Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract Legitimate interests namely for proper administration of our business and communication with users. |
| To provide maintenance and support services. | Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. |
In addition to the above-mentioned specific purposes for which we may process your personal data, we
may also process any of your personal data where such processing is necessary for compliance with legal
and regulatory requirements which apply to us, or when it is otherwise allowed by law, or when it is in
connection with legal proceedings.
6. Obligatory and Voluntary information
To effectively engage in business transactions and fulfill our contractual obligations, certain information is
mandatory for you to provide. This mandatory information includes but is not limited to, your name and
contact information. Failure to provide this obligatory information may impact your contractual
relationship, accessing member-exclusive content on the website, or receiving benefits.
If you choose to provide more information beyond what is required, we will evaluate its necessity for our
purposes. If it is determined to be unnecessary, we will promptly delete it to ensure the protection of
your privacy.
7. Disclosure of personal data
We may need to share your personal data with third parties which assist us in fulfilling our responsibilities
regarding our business relationship with you and for the purposes listed above. ICPS may disclose your
personal data to the following third parties:
a) We may disclose your personal data to another member of our group of companies (this means
our subsidiaries, our ultimate holding company, and all its subsidiaries, collectively referred to as HPS Group) insofar as reasonably necessary for the purposes, and on the legal bases, set out in
this notice..
b) We may also make certain personal data available to third-party service providers and agents
who provide services to us (such as transport services). When we share with these third parties,
we do so on a need-to-know basis and under clear contractual terms and instructions for the
processing of your personal data.
c) We may also be required to disclose your personal data to other third parties such as lawyers,
bankers, consultants, insurers, auditors, travel agencies, the Passport and Immigration Office, the
Economic Development Board, as well as to other public and government authorities for
purposes mentioned in Section 5 or where:
• We have a duty or a right to disclose in terms of law or for national security and/or law
enforcement purposes;
• We believe it is necessary to protect our rights;
• We need to protect the rights, property, or personal safety of any member of the public
or a customer of our company or the interests of our company; or
• You have given your consent.
We require our service providers and other third parties to keep your personal data confidential and that
they only use the personal data in furtherance of the specific purpose for which it was disclosed. We have
written agreements in place with our processors to ensure that they comply with these privacy terms.
8. International transfers
We transfer personal data outside Mauritius as may be necessary for the purposes mentioned above.
When we transfer your personal data to other countries, we ensure that there are appropriate safeguards
in place with regard to the protection of your personal data.
Those transfers are always made in compliance with the GDPR and the MDPA. Data transfers do not
change any of our commitments to safeguard your privacy and your personal data remains subject to
existing confidentiality obligations.
We will, on an on-going basis, continue to review our security controls and related processes to
ensure that your personal data is secure.
If you would like further details on the transfer of your personal data outside Mauritius, please contact
our Data Protection Officer (hereafter “DPO”) by referring to Section 11.
9. Your data protection rights
ICPS adheres to data retention practices that are in accordance with our business requirements and
provisions stipulated in the data protection laws. Your personal data will be retained for the duration of
your contractual relationship with us and for a specific period, thereafter, as mandated by relevant
domestic laws. For more information on where and how long your personal data is stored, and for more
information on your rights of erasure and portability, please contact ICPS’ data protection officer at
dpo@icps.mu.
10. Personal data security
We are legally obliged to provide adequate protection for the personal data we hold. We have put in
place appropriate security measures to prevent your personal data from being subject to any accidental
or unlawful destruction, loss, alteration, and any unauthorised disclosure or access.
We have also put in place procedures to deal with any suspected data security breach and will notify you
and the Data Protection Office of a suspected breach where we are legally required to do so.
We will, on an ongoing basis, continue to review our security controls and related processes to ensure
that your personal data is secure.
Security
We use administrative, technical, and physical safeguards to protect the security, confidentiality, and
integrity of personal data against loss, misuse and unauthorised access, disclosure, alteration, and
destruction.
The safeguards we use include:
• Ensuring the physical security of our offices, warehouses, or other sites
• Ensuring the physical and digital security of our equipment and devices by using appropriate
password protection and encryption
• Using standard security protocols and mechanisms (such as secure socket layer (SSL) encryption)
to transmit sensitive data
• Maintaining a data protection policy for, and delivering data protection training to some
employees
• Limiting access to your personal information to those who need to use it in the course of their
work
If you have any questions about the security of your personal information, please contact us using the
methods outlined in the "Contact Us" section above.
When we contract with third parties, we impose appropriate security, privacy, and confidentiality
obligations on them to ensure that personal data that we remain responsible for is kept secure.
We will ensure that anyone to whom we pass your personal data agrees to treat your data with the same
level of protection as we are obliged to.
11. Your data protection rights
Under the GDPR and the MDPA, you have rights we need to make you aware of. The rights available to
you depend on our reason for processing your information.
Right of Access
You have the right to request access to the personal data we hold about you. This includes the right to
obtain confirmation of whether we process your personal data and to receive a copy of that information.
Right to Rectification
If you believe that the personal data, we hold about you is inaccurate or incomplete, you have the right to
request that we correct or update it.
Right to Erasure
In certain circumstances, you may have the right to request the erasure of your personal data. This
includes situations where your personal information is no longer necessary for the purposes for which it
was collected, or you withdraw your consent and there is no other legal basis for processing.
Right to Restriction of Processing
You have the right to request the restriction of the processing of your personal data under certain
conditions. This means we will temporarily suspend the processing of your personal data, such as when
you contest its accuracy or when you object to the processing.
Right to Data Portability
You may have the right to request a copy of your personal information in a structured, commonly used,
and machine-readable format. You also have the right to transmit this data to another data controller.
Right to Object
You have the right to object to the processing of your personal data for certain reasons, such as direct
marketing or legitimate interests. If you exercise this right, we will no longer process your personal data
unless we can demonstrate compelling legitimate grounds that override your interests, rights, and
freedoms.
Right to Withdraw Consent
If we rely on your consent as the legal basis for processing your personal data, you have the right to
withdraw your consent at any time. This will not affect the lawfulness of processing based on consent
before its withdrawal.
To exercise your right as a data subject, you are requested to send an email to the DPO.
You are asked to send your request with all required information, including:
• The request type – For example, are you requesting a copy of your information, the deletion or
modification of your personal data; and
• All relevant information that can help to successfully respond to your request.
12. Queries and Complaints Contact details
The primary point of contact for questions relating to this privacy notice, including any requests to
exercise your legal rights, is our Data Protection Committee which can be contacted:
(a) by post, to 7 th Floor, The Docks 2, Caudan St, Port Louis 11307, Mauritius;
(b) using our Website Contact Form;
(c) by telephone, at 405-0873, or
(d) by email, at dpo@icps.mu.
13. Changes to this privacy notice
We may update this Notice from time to time to reflect best practices in data management, security, and control and to ensure compliance with any changes and or amendments made to the MDPA and GDPR and any laws or regulations thereof. We encourage you to review this notice periodically to stay informed about how we protect and use your personal data. The latest version will be made available to you at https://www.icps.mu/en/privacy-policy.