GoMatrix App - Forex Privacy Policy
PRIVACY STATEMENT | MATRIX FOREX SERVICES PRIVATE LIMITED
1. INTRODUCTION
1.1. This Privacy Statement (Privacy Statement) describes how Matrix Forex Services Private Limited (Matrix or we/us/our) processes your Personal Data (as defined hereinafter) and the choices you have about such processing.
1.2. We appreciate that you trust us with your information. Protecting your information is our top priority because we want to keep your trust.
1.3. We design our products and services with data protection in mind. We work hard to keep your information secure. We regularly monitor and update our security practices to help protect your privacy.
1.4. Throughout this Privacy Statement, we use the following terms with the following meanings:
1.4.1. Personal Data means information that identifies or can be used to identify an individual natural person. Personal Data includes direct identifiers (such as name) and indirect identifiers (such as computer or mobile device ID or IP address);
1.4.2. processing (and its other forms, such as process and processed) means any operation (or set of operations) performed on Personal Data, such as collecting, combining, and storing;
1.4.3. you or user means the natural person whose Personal Data is collected.
2. LAWS APPLICABLE TO PERSONAL DATA IN INDIA
2.1. The extant law in India, i.e., the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), regulate a subset of Personal Data categorized as “Sensitive Personal Data or Information.”
2.2. “Sensitive Personal Data or Information” is defined as Personal Data that consists of:
2.2.1. passwords;
2.2.2. financial information (such as bank account, credit card, debit card or other payment instrument details);
2.2.3. physical, physiological and mental health conditions;
2.2.4. sexual orientation;
2.2.5. medical records and history,
2.2.6. biometric information, and;
2.2.7. any details relating to the information as received by us for providing service or for processing/ storing under a lawful contract.
2.3. For all residents of India, the term Personal Data as defined in this Privacy Statement should accordingly be read to mean Sensitive Personal Data or Information (as set out above) till the complete enforcement of the Digital Personal Data Protection Act 2023 (DPDPA), read with the Digital Personal Data Protection Rules, 2025 (DPDP Rules), by May 12, 2027. After May 12, 2027, the DPDPA and the DPDP Rules shall eclipse the extant laws set out above and regulate all classes of Personal Data as defined in this Privacy Statement.
3. SECURITY STANDARDS
3.1. We have undertaken and implemented all reasonable security measures that are commensurate with the sensitivity of Personal Data being collected, stored or processed by us.
4. PERSONAL DATA WE COLLECT
4.1. For In-Person Verification (IPV) of users, we collect the following Personal Data for the delivery of foreign exchange:
4.1.1. Passport of the individual;
4.1.2. VISA and details incidental to it;
4.1.3. copy of PAN card issued by the Income Tax Department; and
4.1.4. a copy of your travel ticket.
4.2. For the virtual know-your customer of the user, we collect government issued identity cards and associated information in addition to the Personal Data set out in clause 4.1 above. We ensure that the processing of Aadhaar-related data is undertaken in compliance with the provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, read with the rules and regulations framed thereunder.
4.3. During sign-up for our platform, you may provide information about yourself such as your name and email address, and as you continue to engage with it, we also collect additional details you provide including your name, address, email address, phone number, financial information (such as credit card or debit card details), payment reason, geographical location, and a photograph.
5. CONSENT FOR COLLECTION OF PERSONAL DATA
5.1. Prior to collecting Personal Data, we will obtain your express consent regarding the intended usage of the Personal Data in writing from you, through a clear and affirmative action. The Personal Data will only be (a) collected for a lawful purpose connected with an activity of the corporate entity or any person on its behalf and (b) considered necessary for such lawful purpose or is being processed under a contract.
5.2. At the time the consent is collected, we will take all reasonable measures to ensure you understand the purpose for which the Personal Data is being collected, the intended recipients of the Personal Data, and the name and address of the agency collecting and retaining the Personal Data.
5.3. We will endeavour to ensure that the consent given by you shall be free, specific, informed, unconditional, and unambiguous, with explicit affirmative action, and shall signify your agreement to the processing of the Personal Data for the specified purpose and shall be limited to such Personal Data as is necessary for such specified purpose.
6. PURPOSE FOR USE OF PERSONAL DATA
6.1. We process your Personal Data for the following purposes:
6.1.1. For the delivery of foreign exchange as per the guidelines of the Reserve Bank of India, specifically under the Foreign Exchange Management Act, 1999. All Personal Data is stored or used for processing orders, and under no circumstances are any of these details made available in the public domain. We may use this Personal Data to send you further information regarding our services.
6.2. Additionally, the Personal Data collected from you may be processed for the following legitimate uses in addition to the purposes provided by us to you:
6.2.1. for the specified purpose for which you voluntarily provided the Personal Data to us, and in respect of which you have not indicated to us that you do not consent to the use of such Personal Data;
6.2.2. for the performance by the government or any of its instrumentalities of any function under any law for the time being in force in India, or in the interest of the sovereignty, security, or integrity of India;
6.2.3. for fulfilling any obligation under any law for the time being in force in India on any person to disclose any information to the government or any of its instrumentalities, subject to such processing being in accordance with the provisions regarding disclosure of such information in any other law for the time being in force;
6.2.4. for compliance with any judgment, decree or order issued under any law for the time being in force in India, or any judgment or order relating to claims of a contractual or civil nature under any law for the time being in force outside India;
6.2.5. for responding to a medical emergency involving a threat to life or an immediate threat to the individual user providing the Personal Data or to safeguard any other individual’s life in an emergency;
6.2.6. for taking measures to provide medical treatment or health services to you or any other person during an epidemic, outbreak of disease, or any other threat to public health; or
6.2.7. for taking measures to ensure the safety of you or any other person, or to provide assistance or services to you or any other person during any disaster, or any breakdown of public order.
7. DISCLOSURE OF PERSONAL DATA
7.1. We may disclose your Personal Data for forex card sale, with partner banks, as required by them for the fulfilment of the purposes set out in this Privacy Statement. We may also disclose such Personal Data to such partner banks for auditing, upon their request.
7.2. We may also disclose your Personal Data to any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation, or other regulatory authority, law enforcement agency, or similar body. As set out above, the disclosure of Personal Data for such purpose can be undertaken without your consent.
7.3. We may disclose your Personal Data to our professional advisers or consultants, including lawyers, accountants, insurers, and information technology and system administrators providing consultancy, legal, banking, audit, accounting, insurance, or other services to us. However, the disclosure of Personal Data for the limited purposes set out in this clause will be limited and done on a ‘need-to-know’ basis.
7.4. Unless provided otherwise, we ensure that third parties, with whom Personal Data is shared, (i) do not transfer onward/share/disclose Personal Data with any other parties, except after obtaining separate consent from you, and (ii) are contractually engaged with us for the fulfilment of a lawful purpose.
8. RIGHTS OF INDIVIDUALS PROVIDING PERSONAL DATA
8.1. You have the following rights pursuant to this Privacy Statement:
8.1.1. The right to request access to the Personal Data we hold about you.
8.1.2. The right to make a request to Matrix for the completion of any incomplete Personal Data, in addition to the right to update, correct, and erase your Personal Data as provided under this Privacy Statement.
8.1.3. The right to access a grievance redressal mechanism and access to a grievance officer for complaints against Matrix in its treatment of your Sensitive Personal Data or Information. We will make our best effort to resolve your grievances within a reasonable period of time and will address your query within a period of 30 (thirty) days.
8.1.4. In the event you are not satisfied with our resolution of your grievances, you have the right to escalate your grievance to the Data Protection Board of India.
8.1.5. The ability to nominate any other individual as an agent, who, in case of your death or incapacity, can exercise your rights on your behalf when dealing with Matrix.
8.1.6. The right to provide, review, withdraw, or manage any consent you have given, through a consent manager.
8.1.7. The right to withdraw consent for the processing of Personal Data, comparable to the ease with which the consent to process the Personal Data was given by you.
8.1.8. The right to make a complaint to the Data Protection Board of India against any Personal Data processing practices of Matrix.
8.2. You can assert these rights at any time, through our website, provided that you send us a copy of an identification with your request and comply with any other applicable requirements under law or regulation. We may charge a fee for access requests if permitted under relevant legislation or regulation.
9. PROCESSING OF PERSONAL DATA OF CHILDREN
9.1. In case we process the Personal Data of a child (i.e., any individual under the age of 18 years) or a person with a disability, we do so after obtaining the verifiable consent of their parent or legal guardian, as the case may be.
9.2. We ensure that any children’s Personal Data is not processed in a manner that (i) tracks or engages in behavioural monitoring of children or uses targeted advertising directed at children or (ii) is likely to cause any detrimental effect on the well-being of the child.
10. DATA RETENTION AND PURPOSE LIMITATION
10.1. In accordance with guidelines issued by the Reserve Bank of India (RBI), we retain specific categories of Personal Data for a period of 8 (eight) years, unless retention for a longer period is mandated as per laws applicable at the time.
10.2. Additionally, for all categories of Personal Data not covered under clause 10.1 above, unless retention of Personal Data is required for compliance with any legal requirement, we erase Personal Data if:
10.2.1. the specified purpose (as per the Privacy Statement) is no longer served, or
10.2.2. you withdraw your consent for the processing of your Personal Data.
11. ACCURACY OF PERSONAL DATA
11.1. While we bear the responsibility under applicable laws in India to ensure the completeness, accuracy, and consistency of the Personal Data provided by you, we cannot comply with this obligation without your cooperation. Accordingly, we ensure that you acknowledge and agree that you are responsible for ensuring that the Personal Data provided to us is correct, accurate, and complete, and that you will cooperate with us to ensure that such Personal Data remains correct, accurate, and complete till such time as such Personal Data is retained by us.
11.2. We may deploy measures to ensure that you agree and undertake that the Personal Data shared by you does not infringe any laws, and in case of any infringement, furnishing or unlawful or unauthorized information, we shall not be liable to you or any third party for the same.
12. DIRECT MARKETING
12.1. As per applicable Indian laws, businesses need to be registered with the telecom service providers or can use registered telemarketers to send advertising or business soliciting calls or text messages (commercial communication) (using telecommunication services such as call or text). You may register your preferences with telecom service providers for (i) the categories of commercial communications, (ii) modes of communication, and (iii) the preferred time slots within which they can receive commercial communications.
12.2. Telecom service providers that we use shall ensure that your individual preferences registered and recorded are given effect. As a result, businesses in India can send commercial communications to individuals only as per their preferences registered with the telecom service providers, and therefore, express opt-in consent is required for sending any commercial communications to users.
12.3. While commercial communications sent via emails or post are not specifically regulated in India, as a good practice, we shall request express, opt-in consent from you and/or offer an ‘unsubscribe’ button.
13. GRIEVANCE OFFICER/MATRIX REPRESENTATIVE
13.1. In case you have any questions, discrepancies, or grievances concerning the processing of their Personal Data, you are entitled to contact our grievance officer/representative of Matrix for the effective and speedy resolution of the concerns in accordance with applicable law. We will respond to you according to the timelines set out in clause 8.1.3 of this Privacy Statement.
13.2. Business contact information of the grievance officer/Matrix’s representative:
Name: [Archna Singh]
Email: [archna.singh@matrix.in]
14. CROSS-BORDER TRANSFERS
14.1. For any transfer of Personal Data of Indian individuals outside of India, we will ensure that:
14.1.1. the same level of data protection is followed by the overseas recipient, as is followed by the Matrix entity in India;
14.1.2. that the Personal Data is not transferred to a country that is notified as restricted by the Indian Government; and
14.1.3. cross-border transfer of Personal Data is undertaken in accordance with any conditions specified by the Government of India.
15. CYBERSECURITY INCIDENTS AND DATA BREACHES
15.1. If a security incident that occurs within the territory of India or impacts computer(s), computer system(s), or computer network(s) located in India shall be reported by Matrix’s legal representatives or the grievance officer in accordance with the manner prescribed as per applicable laws.
15.2. Separately, in the event of a breach of any Personal Data, we will provide the Data Protection Board of India and the individual user whose Personal Data has been breached, an intimation of such breach in the manner and timelines as are prescribed under applicable laws. Please ensure that you immediately alert our legal representatives or grievance officer to allow them to proceed with notifying the individual user and the relevant authorities.
**************
