Privacy Policy

Last updated: April 2026 

  1.  Introduction

Diginex Limited, a company incorporated in the Cayman Islands, together with its subsidiaries and affiliated entities (collectively, “Diginex”, “we”, “us”, or the “Group”), is committed to protecting personal data and respecting privacy rights.

This Privacy Policy describes how we collect, use, disclose, and otherwise process personal data in connection with:

  • websites operated by us (the “Websites”)
  • software applications, SaaS platforms, and related products (the “Platforms”)
  • communications, events, and business interactions

(collectively, the “Services”).

This Privacy Policy applies to the processing of personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (“GDPR”), the UK GDPR, and other applicable privacy laws.

Diginex processes personal data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality.

In this Privacy Policy, “you” refers to any individual whose personal data is processed by Diginex, including users of the Services, customer representatives, and website visitors.

  2. Roles and Responsibilities (Controller / Processor Framework)

Depending on the context of your interaction with us:

  • Diginex acts as a data controller where we determine the purposes and means of processing (e.g. website usage, marketing, business contacts, account management);
  • Diginex acts as a data processor where we process personal data on behalf of our customers through the Platforms;
  • Diginex entities may act as joint controllers in certain cases where Services are delivered jointly across the Group.

Where Diginex acts as a processor, processing is governed by a Data Processing Agreement (“DPA”) entered into with the relevant customer in accordance with Article 28 GDPR and other applicable data protection laws.

Where Diginex entities act as joint controllers, they have entered into arrangements to determine their respective responsibilities for compliance with applicable data protection laws, including with respect to the exercise of data subject rights.

For the purposes of applicable data protection laws, the relevant Diginex entity with which you contract or otherwise interact will act as the data controller. 

  3. Data Controller and Contact

The primary contact point for data protection matters is:

Diginex Solutions (HK) Limited
Smart-Space Fintech 2, Cyberport 3
Hong Kong

privacy@diginex.com

Depending on the Services and contractual relationships, other Diginex entities may act as controllers or joint controllers.

  4. EU Representative

As Diginex does not have a main establishment in the European Union, it has appointed a representative in accordance with Article 27 GDPR:

Plan A Earth GmbH

Leipziger Platz 16

10117 Berlin, Germany

legal@plana.earth

Where required under applicable law, specific Diginex entities may appoint a Data Protection Officer.

  5. Categories of Personal Data

We process the following categories of personal data:

5.1 Identification and Contact Data

  • Name, job title, company name
  • Email address, phone number
  • Postal address, country

5.2 Account and Customer Data

  • User credentials (username, password – encrypted)
  • Account settings and preferences
  • Subscription and contract information

5.3 Transaction and Billing Data

  • Billing address and invoicing data
  • Payment data is processed via third-party payment service providers. Diginex does not intentionally store full payment card details and relies on such providers to process payments in accordance with applicable security standards (including PCI-DSS where applicable).

5.4 Usage and Technical Data

  • IP address
  • Device and browser type
  • log files, session data, timestamps
  • interaction with the Services

5.5 Communication Data

  • correspondence (emails, support tickets, meeting notes)
  • feedback, surveys, and inquiries

5.6 Marketing and Preference Data

  • marketing preferences
  • newsletter subscriptions
  • event participation

5.7 Customer Content (SaaS)

Where customers use our Platforms, we may process personal data included in customer-uploaded content.

In such cases, Diginex acts as a data processor, and the customer acts as the data controller.

  6. How We Collect Personal Data

We collect personal data:

  • directly from you (e.g. account registration, contact forms)
  • through your use of the Services
  • from third parties (e.g. business partners, data providers, public sources)
  • through automated means (e.g. cookies, analytics tools)

You represent that you are authorised to provide any personal data relating to third parties.

Where personal data is not collected directly from you, it may originate from business partners, publicly available sources, or service providers.

  7. Purposes and Legal Bases of Processing

We process personal data for the following purposes:

7.1 Provision of Services

  • account creation and management
  • access to Platforms and functionalities
  • customer support

Legal basis: performance of a contract

7.2 Customer Relationship Management

  • handling inquiries and requests
  • managing business relationships

Legal basis: performance of a contract and legitimate interests

7.3 Product Improvement and Analytics

  • analysing usage trends
  • improving functionality and user experience
  • developing new features

Legal basis: legitimate interests

7.4 Marketing and Communications

  • sending newsletters and updates
  • event invitations
  • marketing campaigns

Legal basis: consent (where required) and legitimate interests

7.5 Compliance and Legal Obligations

  • compliance with applicable laws and regulations
  • responding to authorities and enforcement requests

Legal basis: legal obligation

7.6 Security and Fraud Prevention

  • monitoring systems
  • preventing unauthorised access or misuse

Legal basis: legitimate interests and legal obligations

Where we rely on legitimate interests, these interests include operating and improving our Services, ensuring security, and managing our business relationships, and we ensure that such interests are not overridden by your rights and freedoms.

  8. Disclosure of Personal Data

We may disclose personal data to:

8.1 Group Entities

Diginex affiliates for internal administrative purposes and service delivery.

8.2 Service Providers (Processors)

Including:

  • cloud hosting providers
  • IT and security providers
  • CRM and customer support platforms
  • analytics and marketing providers

All such providers are subject to data processing agreements in accordance with Article 28 GDPR.

A list of key subprocessors is available upon request.

8.3 Business Partners

Where required for joint offerings or services.

8.4 Authorities and Legal Requests

Where required by law or to protect legal rights.

8.5 Corporate Transactions

In connection with mergers, acquisitions, or restructuring.

  9. International Data Transfers

Due to our global operations, personal data may be transferred outside the EEA and UK, including to:

  • Hong Kong
  • United States
  • Cayman Islands
  • other jurisdictions where the Group operates

Where required, we implement appropriate safeguards, including:

  • European Commission adequacy decisions (where applicable)
  • Standard Contractual Clauses (SCCs)
  • Transfer Impact Assessments (TIAs)
  • supplementary technical and organisational measures

You may request a copy of the relevant safeguards (such as Standard Contractual Clauses) by contacting us.

  10. Data Retention

We retain personal data only for as long as necessary to:

  • fulfil the purposes outlined in this Policy
  • comply with legal and regulatory obligations
  • establish, exercise, or defend legal claims

Retention periods are determined based on:

  • the duration of the contractual relationship
  • statutory limitation periods
  • regulatory requirements
  • business needs and good practice

  11. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • role-based access controls
  • encryption where appropriate
  • secure cloud infrastructure
  • monitoring and incident response procedures

These measures form part of Diginex’s broader cybersecurity and risk management framework aligned with its obligations as a publicly listed company. 

In the event of a personal data breach, Diginex will take appropriate measures in accordance with applicable data protection laws, including notification where required.

Diginex maintains internal policies and procedures to ensure ongoing compliance with applicable data protection laws across the Group.

  12. Data Subject Rights

Under applicable data protection laws (including GDPR and UK GDPR), you may have the right to:

  • access your personal data
  • request rectification
  • request erasure
  • restrict processing
  • object to processing
  • request data portability
  • withdraw consent at any time

Requests can be submitted to:
privacy@diginex.com

We will respond to your request without undue delay and in any event within one (1) month of receipt, in accordance with applicable data protection laws. This period may be extended by a further two (2) months where necessary, taking into account the complexity and number of requests.

You also have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

  13. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • ensure functionality of the Services
  • analyse usage
  • personalise user experience

Where required by applicable law (e.g. under the ePrivacy Directive), we obtain your prior consent before placing non-essential cookies.

Further details are available in our Cookie Policy.

  14. Artificial Intelligence

Diginex may use AI-enabled tools to enhance its Services.

Where such tools are used:

  • personal data is processed in accordance with this Policy
  • safeguards are implemented to prevent unauthorised use or retention

Diginex does not use personal data for training AI models unless explicitly agreed with the relevant customer.

Diginex does not carry out automated decision-making, including profiling, that produces legal or similarly significant effects on individuals within the meaning of applicable data protection laws.

  15. Sensitive Data

We do not intentionally collect sensitive personal data unless required and permitted by law.

Users should not provide sensitive personal data unless specifically requested and legally required.

  16. Third-Party Services

Our Services may integrate with or link to third-party services.

Diginex is not responsible for the privacy practices of third-party services.

  17. Changes to this Policy

We may update this Privacy Policy from time to time.

Where changes are material, we will notify users appropriately.

  18. Contact

For any questions regarding this Privacy Policy:

privacy@diginex.com
