Payment innovation that unlocks real value.

  1. Overview

    Your privacy is important to us. We are committed to being transparent about how we collect or otherwise process your personal information.

    This Data Protection Policy (hereafter “the Policy”) is therefore intended to inform you how we collect, use, and share your personal information both on our website and in general. Please read it carefully to understand our practices and your rights.

    Kindly note that the Blue Balloon Limited website (“the Website”) is not intended for use by children under the age of 16 and we do not knowingly collect or use personal information of children unless their guardian or legal representatives provide the information voluntarily.

  2. Controller and Data Protection Officer

    1. Controller

      For the purposes of the Data Protection Act 2017 (“the Law”) enacted in the Republic of Mauritius and the European Union General Data Protection Regulation 2016/679, the Data Controller is Blue Balloon Limited (hereafter referred to as “we”, or “us”). Our full contact details are:

      Office 401, Level 4 Block D1, Grand Baie La Croisette, Grand Baie, Mauritius

      [email protected]

      +230 268 2943 (International rates may apply)

    2. Data Protection Officer

      We have appointed a Data Protection Officer in accordance with prevailing legislation. You can contact him at [email protected] or by calling the telephone number provided above.

  3. About us

    Blue Balloon is a licensed Payment Intermediary Service (PIS) company, also known as a Payment Services Provider (PSP), based in the Republic of Mauritius. The company operates a payment gateway for payment processing, helping e-commerce merchants to accept electronic payments in multiple currencies made by credit cards, debit cards, bank transfers or online banking.

    Our Privacy Statement

    We respect your privacy and shall always endeavour to protect your personal data to the best of our capabilities. This Privacy Policy will provide you with information on the type of information we may collect about you, the purpose of collecting same, how we may process same and the safeguards implemented accordingly.

  4. To what does the Policy apply?

    The Policy applies to the processing of Personal data we gather or use when you visit or use our Website, when you visit or use our social media accounts, when we discharge our obligations in relation to a contract between you and us, when you visit our premises for a stay or to enjoy our facilities and when you interact with us in general.

    Note that the Website may include links to third party websites. We do not have any control and accept no responsibility for the way these third party websites operate and collect or process Personal data. When accessing these third party websites we recommend that you consult the privacy policies of every website you visit. It may be useful to read our cookies policy for more information about how to manage cookies that may get into your computer or other device when browsing our website.

    This Policy supplements other privacy notices we may provide you on specific occasions when we collect Personal data about you to inform you about how we will use your data.

  5. Collection of Information

    There may be various ways by which you provide us with information about you. This includes, for example, if you fill in the contact us form on the Website (personal information provided may include your name, email address, and maybe more personal information depending on the message you send us), or by liaising with us by telephone, e-mail, WhatsApp or other similar means. Other ways by which we may get your information include when you apply for a job, enquire about or engage our products/services, subscribe to receive our periodic newsletter, book a stay with us or make a complaint or enquiry to us, among others.

    When accessing the Website, the personal information you give us may include your name, address, e-mail address and phone number, certain device information, username, password, residential building, work address and other information you choose to provide or that is required depending on the use you make of the Website.

    Kindly note that we may collect Special Categories of Personal data in certain specific circumstances if we require this in view of discharging our contractual obligation towards you.

    Please find a non-exhaustive list of Personal Data we may collect from you:

    • Identity Data (includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender)
    • Contact Data (includes billing address, delivery address, email address and telephone numbers)
    • Financial Data (includes data necessary for processing payments and fraud prevention, including partial credit/debit card numbers and payment card details including billing information)
    • Transaction data (e.g. details about payments to and from you and other details of services you have purchased from us)
    • Technical Data (if applicable, includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website)
    • Profile Data (includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses)
    • Usage Data (includes information about how you use our website and services)
    • Marketing and Communications Data (includes your preferences in receiving marketing from us and our third parties and your communication preferences)

  6. How do we collect your personal information?

    We collect personal information through the methods described below:

    1. Directly from you when you:
      • Visit or use our website and social media account(s);
      • Interact with us by telephone, in writing (electronic format or courier) or in person;
      • Are captured in images and videos by CCTV cameras on our premises;
      • Send us emails or other forms of correspondence;
      • Subscribe to newsletters, or other communications from us;
      • Use our services or purchase a product from us; and
      • Give us feedback.
    2. From third parties when:
      • A third party mandated by you provides us with information we require to provide our products and/or services, or for the legitimate interest of our business in general.

    CCTV Cameras

    CCTV cameras are present on our premises to guarantee a safe and secure environment for our guests, employees, suppliers and service providers as well as to protect our property. The CCTV facility captures only videos and does not record audio. Furthermore, the CCTV cameras operate in a closed-circuit environment and only our senior management may have access to the recordings in specific cases which include conducting an investigation or collaborating with the Police (or any relevant authority).

  7. How and why do we use your Personal data?

    We process your Personal data for lawful, specific and legitimate purposes. We ensure that the Personal data we process is adequate, relevant and not excessive in relation to the purpose or purposes for which it was collected. The purposes for which we process your Personal data are listed below:


    • To onboard the clients and facilitate payment processing
    • To comply with any legal and regulatory obligations
    • For our legitimate interests, where your interests and fundamental rights do not override those interests
    • For marketing purposes, provided you have given your prior consent

    Note that:

    • We will request your consent in case we want to use your Personal data for any direct marketing, or other similar campaigns. Not providing your consent will entail that we shall not do any direct marketing or other similar campaigns with you, but this will not affect the contractual business relationship we have with you (if any).

  8. What is the legal basis for processing your Personal data?

    The Law requires us to inform data subjects of the legal grounds (or lawful basis) we rely on for processing their Personal data. We generally rely on one or more of the following legal bases to process personal information, depending on the specific situation:

    • To take steps at your request to enter into a contract with you or perform our contractual obligations towards you;
    • To satisfy a requirement of an applicable law;
    • To protect your vital interests or that of another person;
    • Our legitimate interests in the effective delivery of services and information to you;
    • Our legitimate interests in the effective and lawful operation of our business activities;
    • Our legitimate interests in managing, developing and improving our business, services, platforms and offerings (on condition that your rights and freedoms do not override these interests); or
    • Where there is no other legal basis which is applicable, your consent to us processing your Personal data for the relevant purpose.

  9. Information Security

    We are committed to ensuring that the Personal data we have in our possession is adequately protected. As such, we have implemented the below safeguards, in line with the relevant requirements of the Law:

    • Appointment of a suitably qualified and experienced Data Protection Officer who will have the responsibility to ensure that we are at all times compliant with the Law, and ensure adequate security and protection of Personal data;
    • Implementation of Data Protection policies and procedures, in line with the requirements of the Law, to ensure the safekeeping of information;
    • Implementation of appropriate security measures to safeguard the integrity of information, both in physical and electronic format. This includes adequate physical security to our office premises to monitor access and robust security software to prevent intrusions and unauthorized access;
    • We have a robust IT infrastructure and a well-structured business continuity and disaster recovery plan in place to preserve the integrity of Personal data at all times and under any circumstances;
    • Implementation of relevant measures for employee screening prior to on-boarding and ongoing training on data privacy;
    • Implementation of appropriate confidentiality and non-disclosure clauses in any agreement we execute with service providers, or other third parties (as applicable).

    Note that the above is a non-exhaustive list.
    Although we have taken reasonable measures to protect your Personal data, we cannot guarantee the security of the Personal data you transmit to us over the internet as it also depends on the security of the device you use, among other factors.

  10. For how long do we keep your Personal data?

    We retain Personal data for as long as it is necessary to fulfil the purpose for which it was collected, our legal or business purposes, or as required by relevant laws, which is generally 7 years after the termination of the business relationship.

    With regard to marketing, if you do not provide your consent, or if you withdraw your consent to any marketing communications or any other processing which requires your consent, we will remove you permanently from our marketing database.

  11. Who has access to your personal information?

    Access to your Personal data is restricted to persons on a need-to-know basis and subject to a duty of confidentiality. This includes employees, third party contractors or service providers who need access to your information to allow us to fulfil our contract with you, or for our legitimate business purposes. If we are required to share your Personal data, we will ensure that the third party has implemented appropriate Data Protection measures and is required to process Personal data with a degree of care equivalent to that required by the Law. We do not allow any third party service providers to use your Personal data for any purpose other than the one for which it was collected.

    We may also communicate your personal information when required by law to Supervisory authorities, law enforcement authorities, government organisations and agencies to fulfil our legal and regulatory obligations, as applicable.

  12. How can you manage your marketing communication preferences?

    We will only send you marketing communications if you have requested information from us or if you have given your consent to receive marketing communication from us.

    If you wish to stop receiving marketing communications from us or if you wish to update your marketing communication preferences, please write to [email protected]. You may also click the Unsubscribe link at the bottom of any marketing email you receive from us.

    If you do not wish to receive our advertisements or notifications within social media, you need to update your preferences on these platforms.

  13. Cookies

    A cookie is a small text file that is placed on the device you use to browse. It collects information about how you navigate the Internet, which helps to tailor content.

    We use cookies on our website to help us enhance your browsing experience by, for example, remembering information about your last visit to our website such as your language, country and past searches. Note that restriction or erasure of cookies may lead to our website not functioning properly on your computer or other device. For more information on how we use cookies, please read our Cookie Policy; the policy also provides information about how you can manage cookies.

  14. Rights of Data Subjects

    You have rights in relation to your personal information. Please see your rights below:

    1. Right to Access

      You can ask us for confirmation as to whether or not we are processing your Personal data and where this is the case, you can request to receive a copy of the Personal data we hold about you and obtain specific information.

    2. Right to Rectification

      This enables you to have any incomplete or inaccurate data we hold about you corrected. We may need to verify the accuracy of the new data you provide to us before rectifying it.

    3. Request erasure of your Personal data

      This enables you to ask us to delete or remove your Personal data in the following circumstances:

      • It is no longer required for the purpose(s) for which it was collected and there is no lawful and legitimate reason for us continuing to process it;
      • You have successfully exercised your right to object to processing (see below);
      • Processing was based on consent and you have withdrawn your consent;
      • Your Personal data was processed unlawfully; or
      • We are required to erase your Personal data to comply with any of the laws mentioned above.

      Please note that we may not be required to comply with your request to erase personal information if the processing of your personal information is necessary:

      • for compliance with an applicable law; or
      • for the establishment, exercise or defence of legal claims.

    4. Right to Object

      You may object to processing of your Personal data at any time on reasonable grounds relating to your particular situation.

      You also have the right to be informed before your Personal data is disclosed for the first time to third parties or used for the purposes of direct marketing, and subsequently, should you wish so, object to this disclosure and/or use.

      You may object to our taking decisions that may have legal or other similar consequences based solely on automated processing (for example, profiling). This is subject to a few limitations.

      Note that:

      • The right to object applies in certain circumstances only, and its applicability will depend on the purpose of processing and the relevant lawful basis;
      • If you object to the processing of your Personal data and we have no overriding grounds, we will stop processing your Personal data;
      • If we stop processing your data in view of the objection made, we will erase your personal data unless same is also being processed for other purposes.

    5. Right to Restriction

      This enables you to ask us to restrict the processing of your Personal data, but only where:

      • you contest the accuracy of your Personal data and the restriction period allows us to establish the data’s accuracy;
      • our use of the data is unlawful but you do not want us to erase it, and you request restriction of processing instead;
      • you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
      • you have exercised your right to object and we need to verify whether we have overriding legitimate grounds to continue the processing.

      Please note that we are allowed to continue using your personal information following a request for restriction, where for example:

      • we have your consent to do so;
      • to establish, exercise or defend legal claims;
      • to protect the rights of another person; or

      We shall communicate any restriction of processing, rectification and/or erasure of your Personal data to each recipient to whom the data has been disclosed (if applicable). Additionally, we shall inform you about the recipient(s) upon request.

    6. Right to Withdraw Consent

      Where we are relying on your consent to process your Personal data, you have the right to withdraw your consent at any time. Note however that withdrawal of consent will not affect the lawfulness of processing based on consent prior to the withdrawal.

  15. How to exercise your rights

    To make it easy for a Data Subject to exercise his rights, we have put in place different channels as outlined below:

    • Use the website Contact Us page. The information provided will be sent to our Data Protection Officer who will contact you as soon as possible;
    • Send an email to our Data Protection Officer at [email protected];
    • Call +230 268 2943 and ask to talk to our Data Protection Officer; or
    • Send a written correspondence to the below address to the attention of the Data Protection Officer:
      Office 401, Level 4 Block D1, Grand Baie La Croisette, Grand Baie, Mauritius

  16. Complaint to the Data Protection Office

    While we did our best to implement appropriate measures to safeguard your Personal data, and allow you to exercise your rights effectively, you have the right to lodge a complaint with the Data Protection Office should you believe that we have breached the Law or your rights.

  17. Change to the Policy

    Kindly note that we may change this policy from time to time and without prior notice. We would therefore encourage you to consult our Website Data Protection Policy periodically to keep up to date with any changes made. If you continue to use our website, we shall take this as an acceptance from your side to the changes made to our policy.

    In case there is any material change in the manner in which we process your Personal data, we will duly inform you of same via email, or another appropriate channel.