This document is intended to be placed on all web-facing platforms (e.g. website) of Payment Infosys Limited (For Customers located globally outside of UK) and Transactworld Limited (for Customers located in UK), collectively TW Group (“TW”, “Transact Group” or the “Group”) for users to be aware of their rights and obligations, as well as the company’s rights and obligations with regards to data protection.
All users accessing any web-facing platform owned and managed by TW should have access to this document.
We are committed to protecting and respecting your privacy and are pleased to provide you with our privacy notice and request you to read it carefully. We have created this privacy notice to explain to you:
Our use of your personal data is subject to the UK General Data Protection Regulation ("UK GDPR"), the UK Data Protection Act (2018), collectively the “Data Protection Laws”, your instructions and our professional duty of confidentiality. The definitions used in this Privacy Notice have the meanings assigned to them in General Data Protection Regulation.
the Data Controller is:
Transactworld Limited, a company registered and incorporated under the laws of England and Wales with Company Registration Number 08835541 and having its registered office at 5 Technology Park, Colindeep Lane, Colindale, London, United Kingdom, NW9 6BX.
for the purposes of the UK GDPR, we have appointed a Data Protection Officer (DPO). Should you wish to request any clarification or additional information in relation to this Privacy Notice, or you may wish to exercise any of your rights in relation to your personal data, please send us an email on dpo@transactworld.co.uk or via postal mail to 83 Baker Street, London. W1U 6AG.
Our use of your personal data is subject to the Mauritius Data Protection Act 2017 (DPA 2017) and, where applicable, the European Union General Data Protection Regulation (EU GDPR). The definitions used in this Privacy Notice have the meanings assigned to them under these laws.
The Data Controller is:
Payment Infosys Ltd, a company registered and incorporated under the laws of Mauritius with Company Registration Number GB19100114 and having its registered office at c/o Anagha Capital Ltd, 9th Floor Mindspace 45 Cybercity, Ebene, Mauritius.
In accordance with Article 27 of the EU GDPR, we have appointed a representative in the EU. If you wish to obtain the representative’s contact details, please email us at dpo_mru@payhq.com.
You may contact either the Mauritius-based Data Protection Officer (DPO) at dpo_mru@payhq.com or via postal mail to c/o Anagha Capital Ltd, 9th Floor Mindspace 45 Cybercity, Ebene, Mauritius, or the EU representative with any questions or to exercise your rights.
By using our services, you acknowledge that you have read, and agree to, the terms of this Privacy Notice and that you acknowledge that we will use your personal data for the purposes set out in this Privacy Notice. If you do not wish to provide your personal information on the basis set out in this Privacy Notice, you should not enter the relevant information on the website or provide your personal data to us in any other way. However, you understand that if you do not provide your personal data, we will not be able to provide you with our services.
This Privacy Notice is effective as of July 1, 2025. You can request previous versions of this document by sending us an email at dpo@transactworld.co.uk or dpo_mru@payhq.com. Any changes we may make to our Privacy Notice in the future will be published on the Institution’s website and will be effective from the time of their posting.
We are bound by data protection laws to respect and protect any personal data we collect from you and we will abide by such duty. We take all safeguards necessary to prevent unauthorized access. All data collected is processed in accordance with the Data Protection Laws. Most of the information we process is given to us directly by you. This includes information that you input via our website (including our web application), mobile application and that you provide us with via email and/or over the telephone and/or mail. We can only use your personal data if we have a lawful reason for doing so. In terms of the data protection laws, we may process personal data if you have given us your consent, or it is necessary:
We collect 2 types of data from you: (i) personal data like contact details to enable us to fulfil our service and (ii) behavioral data to better improve our service to you, which we will only collect if you opt In. The below table sets out the types of personal data that we may collect, for what we may use it (purpose) and legal bases for processing:
| Type of Personal Data | Purpose of Processing | Legal Basis | When Typically Collected |
|---|---|---|---|
| Full name | Customer identification, KYC onboarding | Performance of a contract, Legal obligation, Consent | During registration / onboarding |
| Date of birth | Age verification, fraud screening | Legal obligation, Legitimate interest | During onboarding (ID verification) |
| Nationality / Country of residence | Sanctions screening, regulatory reporting | Legal obligation | Onboarding, and ongoing KYC review |
| Residential / business address | Verification, correspondence | Performance of a contract, Legal obligation | During account setup and updates |
| Email address | Account setup, communications | Performance of a contract, Consent (marketing) | During sign-up; optionally updated later |
| Phone number | Two-factor auth, contact | Performance of a contract, Legitimate interest, Consent (marketing) | During onboarding and security setup |
| National ID / Passport / DL | KYC/AML checks, identity verification | Legal obligation | During onboarding and re-verification |
| Bank account details | Payments, settlements | Performance of a contract | During funding or withdrawal setup |
| Payment card information | Load e-money, process payments | Performance of a contract | At point of transaction or wallet funding |
| Transaction history | Reporting, analytics, fraud detection | Performance of a contract, Legitimate interest | Continuously, after transactions begin |
| Source of funds / wealth | AML compliance, risk scoring | Legal obligation | During onboarding or upon high-risk triggers |
| Sanctions and PEP checks | Compliance screening | Legal obligation | Onboarding, ongoing monitoring |
| Device info (IP, browser, OS) | Fraud detection, security | Legitimate interest | On every website visit or login |
| Geolocation (via IP/app) | Risk detection, fraud prevention | Legitimate interest, Legal obligation | On login or payment transaction attempts |
| Customer support logs | Complaint resolution, training | Performance of a contract, Legitimate interest | During interactions with support team |
| Marketing preferences | Manage consent and targeting | Consent, Legitimate interest | During opt-in forms or dashboard settings |
| Cookies & usage analytics | Improve service, detect abuse | Consent (non-essential), Legitimate interest (essential) | On website visit |
| Voice recordings (calls) | Training, compliance, dispute resolution | Legitimate interest, Legal obligation | During customer support calls (if recorded) |
| Facial image (e.g. selfie) | Biometric ID match, fraud detection | Explicit consent | During onboarding with video KYC |
You shall take full responsibility for the integrity and the accuracy of the data provided. All personal data provided to us shall be in all respects true, accurate and up to date and is not, in any respect, misleading, deceptive or inaccurate or likely to mislead or deceive. We typically do not carry out profiling of our customers and their activities using fully automated processes, but we use technology to evaluate your personal particulars and other factors to predict risks or outcomes during opening an account (KYB, anti-money laundering, sanctions checks, identity and address verification) and to monitor your account to detect fraud and financial crime. Any decisions taken based on obtained information will be taken by natural persons.
TW uses cookies to optimise the functionality of our website. Cookies are small text files that contain certain data such as the site’s name and unique user ID and is downloaded to and stored on your device when you visit a website. We use cookies to help identify your computer so we can tailor your user experience. These cookies may obtain information about you, your device and your use of our website.
Most, but not all, of the cookies we use are automatically deleted from your computer when you leave our website and close the browser session, or shortly afterwards. You can disable any cookies already stored on your computer, but these may stop our website from functioning properly.
Third party vendors, including Google, may show adverts for TW on the internet. These vendors may use cookies to serve ads based on a user’s visits to TW. Users can opt out of Google’s use of cookies by visiting the respective advertising opt-out page.
You can set your browser to not accept cookies, but this may limit your ability to use the services. For more information about our use of cookies and how you can change your settings to suit you, please refer to our Cookie Policy.
For us to be able to provide you with our service, data needs to be transferred both internally and externally.
Internal transfer of data is required for the provision of our Services to you, including for our communications with you. Internal sharing of data is only limited to employees and authorised representatives who require the personal data and have been provided with relevant permission to access it.
We do not share your data with third parties, except with the following persons and in the indicated circumstances:
We may also disclose your personal data in response to any requests made from law enforcement agencies, government entities or public authorities, to comply with court orders, to obtain legal remedies and/or limit our damages, to protect your rights as well as our rights and the rights of our employees and where we deem necessary or appropriate under applicable laws and regulations. Furthermore, we may also use your personal data in connection with the exercise or potential exercise of our legal rights, including sharing with debt collection agencies in cases of defaulting any payment contractually or legally owed to us. We may need to use such information if we are involved in a dispute with you or a third party, for example, either to resolve the dispute or as part of any mediation, arbitration or court resolution or similar (i.e. for the assertion, exercise and/or defence of any legal claims and disputes). A list of our third-party suppliers with which we share personal data can be provided upon request.
We will also be required by law, to provide reports containing personal data to regulatory bodies within UK and Mauritius as well as within other jurisdictions for tax and other regulatory and compliance matters.
We may also share your personal data with other parties in the event of a corporate reorganisation and/or disposition of our business, such as potential buyers of all or part of our business. In such case and where allowable by Law, we will attempt to inform you of it, as well as of the identity of the new Data Controller either by directly contacting you, by placing public notices on our website or by using other appropriate media.
We hold your personal data on Google Cloud Platform of our third-party service providers as described in clause 6 above. Some of these service providers may be located either in the UK or outside the UK. Any such transfers will be processed in accordance with specific Mauritian, UK and EU data protection laws, where applicable, as also provided in clause 8 below.
In the event that personal data is stored or transferred outside the UK or Mauritius, the transfers shall be subject to specific UK, Mauritius and EU data protection laws, where applicable. TW will endeavour to ensure that transferred data is available on a principle of least privilege, is made secure (using the appropriate technological solution/s) and transferred only to jurisdictions that have been recognised as providing an adequate level of data protection by the UK, Mauritius, or the EU, as applicable to the context of the data processing.
Subject to your rights in Clause 10 hereunder, we retain your personal data included on your profile for as long as this is necessary to provide you with our services and for long as it is necessary for us to comply with our record-keeping requirements in terms of the law and to be able to respond to any questions, complaints or claims made by you or on your behalf. Hence, we will retain your personal data even after the completion of our services to you.
We will not collect more data than we require or retain your data for longer than necessary to fulfil the purposes outlined in this notice.
We will also keep personal data for the purpose of presenting and processing in case of a litigation or a legal process which you, the relevant authorities or us may be party to, due to our provision of services to you.
Should you require information about how long we hold your personal data, please do not hesitate to contact us in order to assist you with any information or clarifications you may have.
You have the following rights:
Should you require any further information on each of the above rights or would like to exercise any of them, please contact us on www.payhq.com or by e-mail on: dpo@Transact.co.uk should you be domiciled in the United Kingdom; and dpo_mru@payhq.com should you be domiciled outside the United Kingdom. Where you request access to your personal data, we are required by law to use all reasonable measures to verify your identity before doing so; this is done to ensure that the request is legitimate and that there is no case of identity theft or equivalent. These measures are designed to protect you and reduce the risk of identity fraud, identity theft or general unauthorised access to your personal data. Where we possess appropriate personal data about you on file, we will attempt to verify your identity using that personal data. In default, we may require original or certified copies of certain documentation to verify your identity before we are able to provide you with access. Your rights may be exercised in accordance with the Law, which might include restrictions on when you can exercise these rights. You are not required to pay any charge for exercising your rights, within limits. If you make a request, we have one month to respond to you.
Our website may contain links to other websites. Please note third party links are not associated with TW and we do not have control over how your personal data is collected, stored or used by other websites. Hence, you are advised to refer to their privacy policies prior to providing your data.
We are committed to take all appropriate measures to protect the confidentiality and security of the data you provide to us. TW has implemented security measures to protect your personal data that we collect from being used or accessed unlawfully or accidentally lost. We only grant access to your personal data to those persons who have a genuine need to access it. All our members, staff and data processors (including specific subcontractors, including cloud service, verification tools providers, established within the European Union), who may have access to and are associated with the processing of Personal Data, are further obliged (under contract) to respect the confidentiality of your Personal Data as well as other obligations as imposed by the Data Protection Laws. We take appropriate organisational and technical measures to secure your personal data and to protect it against unauthorised or unlawful use and accidental loss or destruction, including: We may update this Privacy Policy from time to time. Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.
In the event of a Personal Data breach, that is, a breach (of security) leading to the accidental, unauthorised and/or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed, or any other threatening enforcement proceeding against us pertaining to the processing of Personal Data, we will notify you about this without undue delay, except and unless:
We would like to resolve any concern that you may have about the processing of your personal data directly with you. However, you have the right to lodge a complaint with a supervisory authority. The supervisory authority in the United Kingdom is the Information Commissioner’s Office which may be contacted at:
Information Commissioner’s Office
Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone:03031231113
Email: casework@ico.org.uk
Website: www.ico.org.uk/make-a-complaint
The supervisory authority in Mauritius is the Data Protection Office (DPO) of Mauritius which may be contacted at:
Data Protection Office
Address: 5th Floor, SICOM Tower, Wall Street, Ebène Cybercity, Ebène, Mauritius
Telephone: +230 460 0251
Email: dpo@govmu.org
Website: https://dataprotection.govmu.org/
EU citizens also have the right to lodge a complaint with the supervisory authority for data protection purposes in his/her habitual residence.