Open Contact Form
Please Contact Us X

1. Introduction

• This website is owned by International Card Processing Services Ltd (hereafter “ICPS”, “we”, “us” or “our”).
• We are committed to safeguarding your privacy and strive to ensure that your personal data is processed in a lawful, fair, and transparent manner.
• This Privacy Notice informs you on how we process your personal data in accordance with the European Union General Data Protection Regulation (hereafter the “GDPR”) and the Mauritius Data Protection Act 2017 (hereafter the “MDPA”).
• This notice applies where we are acting as a data controller and data processor with respect to the personal data of our website visitors, physical site visitors, service users, prospects, clients, service providers, and their representatives, among others.
   We recommend you read this Privacy Notice so that you understand our approach towards the use of your personal data..

2. Who we are

ICPS, a subsidiary of HPS Group, was founded in 2008 as a joint venture between MCB Group and HPS Group. The company is now fully owned by the latter since 2021. We provide state-of-the-art technology in Switching and Card Management Systems enabling banks to achieve economies of scale in outsourcing their card processing activities.
• We are registered in Mauritius as both a controller and processor under registration number C081123 and P569, respectively.
• Our principal place of business is at: 7th Floor, The Docks 2, Caudan St, Port Louis 11307, Republic of Mauritius..

3. Personal data we may collect about you

• Personal data is any data from which you can be identified and which relates to you.
• The type of data we collect will depend on the purpose for which it is collected and used. We will only collect data that we need for that purpose.
• We may collect your personal data in the following ways: 
(a) When you give it to us directly for e.g. you use any of our services, you provide or offer to provide services to us, you correspond with us and provide us with your information or you visit our premises.
(b) When we obtain it indirectly for e.g. information is shared with us by third parties. In such a case, the third party must confirm that you have consented to the disclosure of your personal data to us.
(c) When it is available publicly for e.g. depending on your privacy settings for social media services, we may access information from those accounts or services (for example when you choose to interact with us through platforms such as LinkedIn).
(d) When you browse and/or interact on our website.
• The information you provide to us will include (depending on the circumstances):
• Identity and contact details: title, names, addresses, email addresses, phone numbers or your signature, IP address, and Company Name.
• Account profile data: a username/display name, and password.
• Conference registration details: the company/organisation you work for, job title/position, language preferences, your name, your email, your age, your gender, your job function, your experience, your opinions and why you are attending the conference and what you hope to learn your accessibility needs.
• Financial data: payment details, which may include billing addresses, bank account information.
• Employment and background data: if you apply for employment on our sites, your academic and work history, qualifications, skills, projects and research that you are involved in, references, proof of your entitlement to work in the relevant country, and any other such similar information that you may provide to us.
• Information From Other Sources

In certain circumstances, we will receive information about you from other sources, including third parties. For example, we may receive personal information from any of the following,
• Other website users.
• Event attendees.
• Commercial contact lists that we acquire from other organisations.
• Organisations that we acquire or merge with.
• Organisations with whom we provide co-branded events, websites, products, and services.
• Social media plugins. By providing your social media account details you are authorising that third-party provider to share with us certain information about you.
• Publicly available sources such as LinkedIn.

4. Cookies

We use cookies on our website. Please refer to our Cookie Policy, available at cookie policy, which covers in detail the aspects of cookie usage and the purposes for which we use cookies.

5. How we use your personal data

ICPS will only use your personal data for the purposes for which it was collected or agreed with you. We will not use your personal data for any automated individual decision making which will have a significant impact on you.
We have set out below the legal basis of processing for each purpose.Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data.

Purpose of processing Legal basis
For marketing services that may be of interest to you. Legitimate interests, namely for business development purposes.
For offering, supplying, and selling relevant services to you, including for training of external clients, for sale and pre-sale purposes as well as for portfolio follow-up. Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
For payment and billing purposes. Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
To make statutory returns with the MRA. For compliance with a legal obligation to which we are subject to.
For record-keeping.. For compliance with a legal obligation to which we are subject to, such as internal/external audit and retention periods.
To analyse the use of our website. To allow us to properly operate our website. Consent. Legitimate interests, namely for operating our website and to distinguish between humans and bots who interact with our website.
To monitor compliance with our policies and standards. Legitimate interests, namely of monitoring and improving our website, business and services.
To ensure the security of our website and services and maintain back-ups of our databases. Legitimate interests, namely the proper administration of our website and business.
To manage our relationships with customers, communicating with customers, and keeping records of those communications. Legitimate interests, namely for the proper management of our customer relationships.
To confirm and verify your identity when you request to access, rectify, restrict, or delete the information we hold on you. For compliance with a legal obligation to which we are subject, that is, to verify the identity of a data subject who requests access.
To reply to any requests, complaints, comments, or enquiries you submit to us regarding our services and notify you about changes to our service. Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract Legitimate interests namely for proper administration of our business and communication with users.
To provide maintenance and support services. Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

In addition to the above-mentioned specific purposes for which we may process your personal data, we may also process any of your personal data where such processing is necessary for compliance with legal and regulatory requirements which apply to us, or when it is otherwise allowed by law, or when it is in connection with legal proceedings.

6. Obligatory and Voluntary information

To effectively engage in business transactions and fulfill our contractual obligations, certain information is mandatory for you to provide. This mandatory information includes but is not limited to, your name and contact information. Failure to provide this obligatory information may impact your contractual relationship, accessing member-exclusive content on the website, or receiving benefits. 

If you choose to provide more information beyond what is required, we will evaluate its necessity for our purposes. If it is determined to be unnecessary, we will promptly delete it to ensure the protection of your privacy.

7. Disclosure of personal data

We may need to share your personal data with third parties which assist us in fulfilling our responsibilities regarding our business relationship with you and for the purposes listed above. ICPS may disclose your personal data to the following third parties: 
a) We may disclose your personal data to another member of our group of companies (this means our subsidiaries, our ultimate holding company, and all its subsidiaries, collectively referred to as HPS Group) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this notice..

b) We may also make certain personal data available to third-party service providers and agents who provide services to us (such as transport services). When we share with these third parties, we do so on a need-to-know basis and under clear contractual terms and instructions for the processing of your personal data.

c) We may also be required to disclose your personal data to other third parties such as lawyers, bankers, consultants, insurers, auditors, travel agencies, the Passport and Immigration Office, the Economic Development Board, as well as to other public and government authorities for purposes mentioned in Section 5 or where:
• We have a duty or a right to disclose in terms of law or for national security and/or law enforcement purposes;
• We believe it is necessary to protect our rights;
• We need to protect the rights, property, or personal safety of any member of the public or a customer of our company or the interests of our company; or
• You have given your consent.

We require our service providers and other third parties to keep your personal data confidential and that they only use the personal data in furtherance of the specific purpose for which it was disclosed. We have written agreements in place with our processors to ensure that they comply with these privacy terms.

8. International transfers

We transfer personal data outside Mauritius as may be necessary for the purposes mentioned above. When we transfer your personal data to other countries, we ensure that there are appropriate safeguards in place with regard to the protection of your personal data.
Those transfers are always made in compliance with the GDPR and the MDPA. Data transfers do not change any of our commitments to safeguard your privacy and your personal data remains subject to existing confidentiality obligations.
We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal data is secure.

If you would like further details on the transfer of your personal data outside Mauritius, please contact our Data Protection Officer (hereafter “DPO”) by referring to Section 11.

9. Your data protection rights

ICPS adheres to data retention practices that are in accordance with our business requirements and provisions stipulated in the data protection laws. Your personal data will be retained for the duration of your contractual relationship with us and for a specific period, thereafter, as mandated by relevant domestic laws. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact ICPS’ data protection officer at

10. Personal data security

We are legally obliged to provide adequate protection for the personal data we hold. We have put in place appropriate security measures to prevent your personal data from being subject to any accidental or unlawful destruction, loss, alteration, and any unauthorised disclosure or access.

We have also put in place procedures to deal with any suspected data security breach and will notify you and the Data Protection Office of a suspected breach where we are legally required to do so.

We will, on an ongoing basis, continue to review our security controls and related processes to ensure that your personal data is secure.


We use administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of personal data against loss, misuse and unauthorised access, disclosure, alteration, and destruction.

The safeguards we use include:
• Ensuring the physical security of our offices, warehouses, or other sites
• Ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption
• Using standard security protocols and mechanisms (such as secure socket layer (SSL) encryption) to transmit sensitive data
• Maintaining a data protection policy for, and delivering data protection training to some employees
• Limiting access to your personal information to those who need to use it in the course of their work

If you have any questions about the security of your personal information, please contact us using the methods outlined in the "Contact Us" section above.

When we contract with third parties, we impose appropriate security, privacy, and confidentiality obligations on them to ensure that personal data that we remain responsible for is kept secure.

We will ensure that anyone to whom we pass your personal data agrees to treat your data with the same level of protection as we are obliged to.

11. Your data protection rights

Under the GDPR and the MDPA, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Right of Access

You have the right to request access to the personal data we hold about you. This includes the right to obtain confirmation of whether we process your personal data and to receive a copy of that information.

Right to Rectification

If you believe that the personal data, we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it.

Right to Erasure

In certain circumstances, you may have the right to request the erasure of your personal data. This includes situations where your personal information is no longer necessary for the purposes for which it was collected, or you withdraw your consent and there is no other legal basis for processing.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data under certain conditions. This means we will temporarily suspend the processing of your personal data, such as when you contest its accuracy or when you object to the processing.

Right to Data Portability

You may have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another data controller.

Right to Object

You have the right to object to the processing of your personal data for certain reasons, such as direct marketing or legitimate interests. If you exercise this right, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Right to Withdraw Consent

If we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise your right as a data subject, you are requested to send an email to the DPO.
You are asked to send your request with all required information, including:
• The request type – For example, are you requesting a copy of your information, the deletion or modification of your personal data; and  
• All relevant information that can help to successfully respond to your request.

12. Queries and Complaints Contact details

The primary point of contact for questions relating to this privacy notice, including any requests to exercise your legal rights, is our Data Protection Committee which can be contacted:
(a) by post, to 7 th Floor, The Docks 2, Caudan St, Port Louis 11307, Mauritius;
(b) using our Website Contact Form;
(c) by telephone, at 405-0873, or
(d) by email, at

13. Changes to this privacy notice

We may update this Notice from time to time to reflect best practices in data management, security, and control and to ensure compliance with any changes and or amendments made to the MDPA and GDPR and any laws or regulations thereof. We encourage you to review this notice periodically to stay informed about how we protect and use your personal data. The latest version will be made available to you at