Privacy Policy

Last updated: July 2026

Home

This Privacy Policy describes how URMS (“we”, “us”, or “our”) collects, uses, and discloses information when you use the URMS admin application. We are committed to safeguarding the privacy of all users, including system administrators, agents, partners, and the entities whose data is processed through our platform.

Information We Collect

We collect and process information across several categories of users and stakeholders within the URMS ecosystem. The scope and nature of data collected depend on the user role and the services rendered:

Administrator Data

  • Full name, corporate email address, and administrative role designation.
  • Authentication credentials, including cryptographically hashed passwords and session tokens, to secure access to the administrative dashboard.
  • Audit logs capturing administrative actions, including system configuration changes, user account modifications, and access timestamps.
  • Internet Protocol (IP) addresses, device fingerprints, and browser metadata for security monitoring and anomaly detection.
  • Communication records and correspondence initiated through the platform for support and compliance purposes.

Agent Data

  • Personal identification information, including full name, government-issued identification numbers, and professional credentials or licenses.
  • Contact details such as personal and business telephone numbers, email addresses, and physical addresses.
  • Account authentication data, including encrypted passwords, multi-factor authentication tokens, and account recovery information.
  • Transactional history and assignment records pertaining to services rendered or facilitated through the platform.
  • Geolocation data and device information collected during platform usage for verification and fraud prevention.
  • Background verification data and compliance documentation submitted during the onboarding process.

Partner Data

  • Organizational details, including registered business name, tax identification numbers, corporate structure, and business registration documents.
  • Primary contact information for authorized representatives, including names, official titles, direct contact numbers, and corporate email addresses.
  • Financial data required for transactional purposes, including banking details, invoicing addresses, and payment processing information.
  • Service-level agreements, contractual documents, and compliance certifications governing the partnership relationship.
  • Performance metrics, commission structures, and reconciliation reports generated in the course of business operations.
  • Communication logs, meeting records, and correspondence maintained for business continuity and dispute resolution.

Entity Data

  • Business registration particulars, including legal entity name, incorporation number, registered address, and jurisdiction of incorporation.
  • Beneficial ownership information and organizational hierarchy details to satisfy regulatory compliance and know-your-customer (KYC) obligations.
  • Operational data such as transaction volumes, revenue reports, financial statements, and business activity records.
  • Designated representative information, including names, contact details, and authorization documents for individuals acting on behalf of the entity.
  • Tax-related documentation, including tax clearance certificates, VAT registration numbers, and historical tax filings.
  • Due diligence records, risk assessment profiles, and ongoing compliance monitoring data collected pursuant to applicable regulations.

How We Use Information

  • To authenticate authorized users, manage account credentials, and enforce role-based access controls across the platform.
  • To facilitate revenue collection, agent onboarding, partner reconciliation, and entity management operations.
  • To comply with legal and regulatory obligations, including anti-money laundering (AML) and counter-terrorism financing (CTF) requirements.
  • To conduct system audits, generate performance analytics, and continuously improve platform reliability and security.
  • To communicate important service updates, policy changes, and account-related notifications to relevant stakeholders.

Data Retention

We retain personal and organizational data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by applicable law. Retention schedules are determined based on the nature of the data, legal obligations, and operational requirements. Upon expiration of the applicable retention period, data is securely deleted or anonymized.

Data Sharing and Disclosure

We do not sell personal information to third parties. We may share information with:

  • Regulatory authorities and law enforcement agencies as required by applicable law or in response to valid legal requests.
  • Service providers and subcontractors who perform functions on our behalf, subject to contractual data protection obligations.
  • Affiliated entities within the URMS group of companies for legitimate business purposes consistent with this policy.

Security

We implement and maintain commercially reasonable administrative, technical, and physical security measures designed to protect information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, regular security assessments, access control mechanisms, and employee training on data protection practices. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • The right to access, correct, or update your personal data held by us.
  • The right to request deletion of your personal data, subject to legal retention obligations.
  • The right to restrict or object to the processing of your personal data in certain circumstances.
  • The right to data portability, where technically feasible.
  • The right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise these rights, please contact the system administrator through the account management interface or using the contact details provided below. We will respond to your request within the timeframe prescribed by applicable law.

Contact Us

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data handling practices, please contact the application administrator or our Data Protection Officer at:

URMS Data Protection Office
Email: privacy@urms.com
Address: [Registered Business Address]

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Material changes will be communicated through the application or via email to registered users. Continued use of the application after such changes constitutes acceptance of the updated policy.