This website is owned by International Card Processing Services Ltd (hereafter “ICPS”);
We are committed to safeguarding the privacy of our website visitors, physical site visitors,
service users, prospects, clients, service providers and their representatives;
As a result, we would like to inform you regarding the way we would use your personal data, as is
required by the European Union General Data Protection Regulation (hereafter the “GDPR”) and
the Data Protection Act 2017 (hereafter the “DPA”). We recommend you read this Privacy Notice
so that you understand our approach towards the use of your personal data;
Our Privacy Notice sets out the types of personal data we collect, how we collect and process
that data, who we may share this information with and the rights you have in this respect;
This notice applies where we are acting as a data controller with respect to the personal data of
our website visitors, physical site visitors, service users, prospects, clients, service providers and
their representatives, among others. As a data controller, we determine the purposes and means
of the processing of that personal data. We also comply with our obligations as a data processor
under the DPA and the GDPR;
By using our website, you acknowledge that you have read and understood the terms of this
Privacy Notice;
In this notice, "we", "us" and "our" refer to ICPS.
ICPS, a subsidiary of HPS Group, was founded in 2008 as a joint venture between MCB Group
and HPS Group. The company is now fully owned by the latter since 2021. We provide a state
of the art technology in Switching and Card Management Systems enabling banks to achieve
economies of scale in outsourcing their card processing activities.
We are registered in Mauritius under registration number C081123.
Our principal place of business is at Avenue Anse Courtois, Les Pailles, 11220, Mauritius.
Personal data is any data from which you can be identified and which relates to you;
The type of data we collect will depend on the purpose for which it is collected and used. We
will only collect data that we need for that purpose;
We may collect your personal data in the following ways:
(a) When you give it to us directly for e.g. you use any of our services, you provide or offer to
provide services to us, you correspond with us and provide us with your information or you
visit our premises;
(b) When we obtain it indirectly for e.g. information is shared with us by third parties. In such
a case, the third party must confirm that you have consented to the disclosure of your
personal data to us;
(c) When it is available publicly for e.g. depending on your privacy settings for social media
services, we may access information from those accounts or services (for example when you
choose to interact with us through platforms such as LinkedIn);
(d) When you browse and/or interact on our website.
The information you provide to us will include (depending on the circumstances):
Identity and contact data: title, names, addresses, email addresses, phone numbers or your
signature, IP Address, Company Name;
Account profile data: a username/display name, password;
Conference registration details: the company/organisation you work for, job title/position,
language preferences, your name, your email, your age, your gender, your job function, your
experience, your opinions and why you are attending the conference and what you hope to
learn, your accessibility needs;
Financial data: payment details, which may include billing addresses;
Employment and background data: if you apply for employment on our sites, your academic and
work history, qualifications, skills, projects and research that you are involved in, references, proof
of your entitlement to work in the relevant country, and any other such similar information that
you may provide to us.
In certain circumstances, we will receive information about you from other sources, including third parties.
For example, we may receive personal information from any of the following:
Other website users;
Event attendees;
Commercial contact lists that we acquire from other organisations;
Organisations that we acquire or merge with;
Organisations with whom we provide co-branded events, websites, products, and services;
Social media plugins. By providing your social media account details you are authorising that third-
party provider to share with us certain information about you;
Publicly available sources such as LinkedIn.
We use cookies on our website. Insofar as those cookies are strictly necessary for the provision of our
website and services, we will ask you to consent to our use of cookies when you first visit our website.
Please refer to our Cookie Policy, available at cookie policy, which covers in details the
aspects of cookie usage and the purposes for which we use cookies.
ICPS will only use your personal data for the purposes for which it was collected or agreed with
you. We will not use your personal data for any automated individual decision making which
will have a significant impact on you.
We have set out below the legal basis of processing for each purpose. Note that we may
process your personal data for more than one lawful ground depending on the specific purpose
for which we are using your personal data.
Purpose of processing | Legal basis |
---|---|
For the purposes of marketing services which may be of interest to you. | Legitimate interests, namely for business development purposes. |
For the purposes of offering, supplying and selling relevant services to you, including for training of external clients, for sale and pre- sale purposes as well as for portfolio follow- up. | Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. Legitimate interests, namely the proper administration of services. |
For payment and billing purposes. | Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. |
To make statutory returns with the MRA. | For compliance with a legal obligation to which we are subject to. |
For the purposes of record keeping. | For compliance with a legal obligation to which we are subject to, such as internal/external audit and retention periods. |
For the purpose of analysing the use of our website. For the purpose of allowing us to properly operate our website. | Consent. Legitimate interests, namely for operating our website and to distinguish between humans and bots who interact with our website. |
For the purpose of monitoring compliance with our policies and standards. | Legitimate interests, namely of monitoring and improving our website, business and services. |
For the purposes of ensuring the security of our website and services and maintaining back-ups of our databases. | Legitimate interests, namely the proper administration of our website and business. |
For the purposes of managing our relationships with customers, communicating with customers and keeping records of those communications. | Legitimate interests, namely for the proper management of our customer relationships. |
For the purposes of confirming and verifying your identify when you request to access, rectify, restrict or delete the information we hold on you. | For compliance with a legal obligation to which we are subject to, that is, to verify the identity of a data subject who requests access. |
For the purposes of replying to any requests, complaints, comment or enquiries you submit to us regarding our services and notifying you about changes to our service. | Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. Legitimate interests namely for proper administration of our business and communication with users. |
For the purpose of providing maintenance and support services. | Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. |
In addition to the above-mentioned specific purposes for which we may process your personal data, we
may also process any of your personal data where such processing is necessary for compliance with
legal and regulatory requirements which apply to us, or when it is otherwise allowed by law, or when it is
in connection with legal proceedings.
We may need to share your personal data with third parties which assist us in fulfilling our
responsibilities regarding our business relationship with you and for the purposes listed above.
ICPS may disclose your personal data to the following third parties:
a) We may disclose your personal data to another member of our group of companies (this
means our subsidiaries, our ultimate holding company and all its subsidiaries, collectively
referred to as HPS Group) insofar as reasonably necessary for the purposes, and on the
legal bases, set out in this notice;
b) We may also make certain personal data available to third party service providers and agents
who provide services to us (such as for transport services). When we share with these third
parties, we do so on a need-to-know basis and under clear contractual terms and instructions
for the processing of your personal data;
c) We may also be required to disclose your personal data to other third parties such as
lawyers, bankers, consultants, insurers, auditors, travel agencies, the Passport and
Immigration Office, the Economic Development Board, as well as to other public and
government authorities for purposes mentioned in Section 5 or where:
We have a duty or a right to disclose in terms of law or for national security and/or law
enforcement purposes;
We believe it is necessary to protect our rights;
We need to protect the rights, property or personal safety of any member of the public or
a customer of our company or the interests of our company; or
You have given your consent;
We require our service providers and other third parties to keep your personal data
confidential and that they only use the personal data in furtherance of the specific
purpose for which it was disclosed. We have written agreements in place with our
processors to ensure that they comply with these privacy terms.
We may transfer personal data outside Mauritius as may be necessary for the purposes
mentioned above. If we transfer your personal data to other countries, we will ensure that there
are appropriate safeguards in place with regard to the protection of your personal data.
Those transfers would always be made in compliance with the GDPR and the DPA. Data transfers
do not change any of our commitments to safeguard your privacy and your personal data
remains subject to existing confidentiality obligations.
If you would like further details on the transfer of your personal data outside Mauritius, please
contact our Data Protection Committee (hereafter “DPC”) by referring to Section 11.
We are legally obliged to provide adequate protection for the personal data we hold. We have
put in place appropriate security measures to prevent your personal data from being subject to
any accidental or unlawful destruction, loss, alteration, and any unauthorised disclosure or
access.
We have also put in place procedures to deal with any suspected data security breach and will
notify you and the Data Protection Office of a suspected breach where we are legally required
to do so.
We will, on an on-going basis, continue to review our security controls and related processes to
ensure that your personal data is secure.
We use administrative, technical, and physical safeguards to protect the security, confidentiality, and
integrity of personal data against loss, misuse and unauthorised access, disclosure, alteration, and
destruction.
The safeguards we use include:
Ensuring the physical security of our offices, warehouses, or other sites;
Ensuring the physical and digital security of our equipment and devices by using appropriate
password protection and encryption;
Using standard security protocols and mechanisms (such as secure socket layer (SSL) encryption)
to transmit sensitive data;
Maintaining a data protection policy for, and delivering data protection training to some
employees;
Limiting access to your personal information to those who need to use it in the course of their
work.
When we contract with third parties, we impose appropriate security, privacy and confidentiality
obligations on them to ensure that personal data that we remain responsible for is kept secure.
We will ensure that anyone to whom we pass your personal data agrees to treat your data with the same
level of protection, as we are obliged to.
If you have any questions about the security of your personal information, please contact us (refer to
Section 11).
Under the GDPR and the DPA, you have rights we need to make you aware of. The rights available to
you depend on our reason for processing your information.
You have the right to ask us to delete your personal data in certain circumstances:
When we no longer need your personal data;
If you initially consented to the use of your personal data, but have now withdrawn your
consent;
If you have objected to us using your personal data, and your interests outweigh ours;
If we have collected or used your personal data unlawfully; and
If we have a legal obligation to erase your data.
Where we collect personal data for a specific purpose, we will not keep it for longer than is necessary to
fulfil that purpose, unless we have to keep it for legitimate business or legal reasons. Upon the
determined expiry date, we will securely destroy your personal data. Retention periods are indicated in
Annex A’s Records Retention and Disposal Schedule. When we delete data from our servers, no residual
copies remain on our servers. Data from our backup tapes are also deleted depending on the next
scheduled backup overwrite which may be on a weekly, monthly or yearly basis in accordance with its
configuration.
You have the right to request a copy of the personal data we hold about you. To do this, simply contact
our DPC (refer to Section 11) and specify what data you would like. We will take all reasonable steps to
confirm your identity before providing details of your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights).
However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Alternatively, we may refuse to comply with your request in the above circumstances.
You have the right to ask us to update or correct your personal data if you think it is inaccurate or incomplete. We will take all reasonable steps to confirm your identity before making changes to personal data we may hold about you. We would appreciate it if you would take the necessary steps to keep your personal data accurate and up-to-date by notifying us of any changes we need to be aware of.
You have the right to ask us to limit how we use your data. If necessary, you may also stop us from
deleting your data. To exercise your right to restriction, simply contact our DPC (refer to Section 11), say
what data you want restricted and state your reasons. You may request us to restrict processing of your
personal data in the following circumstances:
If you have contested the accuracy of your personal data, for a period to enable us to verify the
accuracy of the data;
If you have made an objection to the use of your personal data;
If we have processed your personal data unlawfully but you do want it deleted;
If we no longer need your personal data but you want us to keep it in order to create, exercise
or defend legal claims.
You also have the right to object to us processing your personal data where your data is being used:
For a task carried out in the public interest;
For our legitimate interests;
For scientific or historical research, or statistical purposes; or
For direct marketing.
We currently process personal data for our legitimate interests and for direct marketing. You should
contact our DPC (refer to Section 11) to inform that you are objecting to any more processing of your
personal data and state in your objection why you believe we should stop using your data in this way.
Unless we believe we have strong reasons to continue using your data in spite of your objections, we
will stop processing your data as per the objection raised.
The right to data portability allows you to ask for transfer of your personal data from one organisation to
another, or to you. The right only applies if we are processing information based on your consent or
performance of a contract with you, and the processing is automated. You can exercise this right with
respect to information you have given us by contacting our DPC (refer to Section 11). We will ensure that
your data is provided in a way that is accessible and machine-readable.
To the extent that the legal basis for our processing of your personal information is consent, you have the
right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before
the withdrawal.
If you wish to exercise any of the rights set out above, please contact our DPC (refer to Section 11).
We keep our privacy notice under regular review. We reserve the right to change our privacy notice at
any time thus we encourage you to periodically review this notice to be informed of how we are using and protecting your personal data. We will notify you of significant changes by email or through
automatic pop- ups on our website. This version was last updated on 01 July 2022.
The primary point of contact for questions relating to this privacy notice, including any requests to
exercise your legal rights, is our Data Protection Committee who can be contacted:
(a) by post, to Avenue Anse Courtois, Les Pailles, 11220, Mauritius ;
(b) using our Website Contact Form;
(c) by telephone, on 405-0873; or
(d) by email, at dpc@icps.mu.
If you believe we have not handled your request in an appropriate manner, you have the right
to complain to the Data Protection Office at dpo@govmu.org.