Credorax Bank Ltd., and/or Source Ltd., and/or Finaro or any other affiliate which is part of the Credorax Inc., Group, together shall be referred to as “Finaro”, “us”, “our company” or “we”.
Finaro provides payment related services, like card acquiring for businesses known as merchants, payment facilitators and/or payment gateways, banking products and services for banking customers and other ancillary products and services all of which will be referred to as “Finaro Services”.
References to “you” and “your” means each natural or legal person who visits our company’s website, or fills out a form or an application, providing personal data expressing an interest to receive our products or services.
Finaro receives and collects and/or processes and/or retains your personal data, which you provide us in different circumstances in order for Finaro to be able to offer financial services. Finaro is committed to respecting your privacy and protecting your personal data in accordance with the General Data Protection Regulation (GDPR) which governs the provisions of this privacy policy.
This privacy policy will explain the type of data we receive from you and what we do with it; for how long we keep your personal data and what are your rights in this respect.
Topics:
The personal data Credorax receives from you depends on how you are using our services.
Individuals typically interface with Finaro in one of the following ways:
Site Visitor: If you are visiting our website for details about our services, you may be asked to enter your personal details on an online form to receive more information. Cookies may be used to track site usage to assist in product development or monitor behavior for marketing purposes. Visitors from the EU/EEA may initially be asked to expressly consent to cookie usage. More details can be found in our Cookies Policy.
Merchant/ Partner or Bank account customer: you may be a business customer that has consented to Finaro’s terms of service under a merchant or partner application form, or other formal agreement for the provision of the Credorax Services. To set up a merchant or partner account you will need to provide personal details, business data and identifying documentation.
Personal data refers to information about an individual that can lead to the identification of the said individual. It does not include anonymised data.
We process and collect the following types of data:
a. Communication Data: This includes any communication that you send to us, whether it be through the contact form on our websites, through email, text, social media messaging, social media posting or any other communication.
b. Customer [Merchant/Partner] Data: This includes personal data that you provide us in relation to a possible business dealing for receiving our services, such as your name, Identification number, Date of birth, email address, phone number, location (country), personal identification documents and any other personal data and any documents necessary to carry out customer due diligence.
c. User Data: This includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services.
d. Technical Data: This includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system.
e. Marketing Data This includes data about your preferences in receiving marketing materials from us and our third parties and your communication preferences. We process this data to deliver relevant content and advertisements to you and measure or understand the effectiveness of this advertising.
f. Data processed to provide you services as a customer: If you sign up to become one of our customers, we collect information we need to establish and perform a contract with you, including your contact information, address and, order details, tax information and payment details, use of our products and services and your customer area account, including your login details, and the questions, queries, comments and complaints you send us in relation to our business relationship.
Processing any of the above personal data is only done by Finaro if at least one of the following conditions is satisfied:
a. You have unambiguously given consent to the processing;
b. Processing is necessary for performance of a contract between us or in order to take steps at your request prior to entering into a contract;
c. Processing is necessary for compliance with a legal obligation;
d. Processing is necessary to protect your vital interests or the interests of a third party;
e. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
f. Processing is necessary for a purpose that concerns our legitimate interests or the legitimate interests of a third party, so long as your fundamental rights and freedoms are not infringed.
By receiving and processing your data, we will be complying with data protection legislation, including the 6 main principles of GDPR:
a. To process your personal data lawfully, fairly and in a transparent manner.
b. To collect your personal data only for specific, explicitly stated and legitimate purposes.
c. To only process your personal data to the extent necessary, adequate, and relevant for in relation to the purposes we have advised you about.
d. To keep your personal data accurate and up to date.
e. To keep your personal data only as long as necessary for the purposes we previously disclosed
f. To ensure that your personal data is processed in a secure manner, using appropriate technical and organizational standards.
The data we collect about you is either provided by you directly, or else obtained through publicly accessible channels, such as regulatory authorities and online checks. We may also automatically collect certain data from you as you visit our company’s website by using cookies and similar technologies. For information about cookies please review our Cookies Policy at https://www.Finaro.com/cookiepolicy We collect and process your personal data as a data controller, according to the definition in the GDPR. We collect data and process data when you:
Our Company may also receive your data indirectly from the following sources:
We may have to share your personal data with the parties set out below:
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We may also disclose your personal information to:
Finaro does not sell or otherwise disclose personal information we collect about you except as disclosed in this Privacy Policy or as may be disclosed to you at the time information is collected.
Data that you send us may be stored, processed and/or transferred to other countries where we have operations or where we engage service providers, and your data may be shared with other Finaro affiliates, and/or with other providers of our company, within, and outside the European Economic Area (“EEA”).
For any processing, storing or transferring of data to and from other non-EEA jurisdictions we apply the EU Standard Contractual Clauses mechanism. In addition, we have implemented inter-companies agreements that cover data processing between our group of companies
We take measures to ensure that the data processing, storing and transferring comply with the applicable data protection laws and that your personal data remains protected to the standards specified in this Privacy Policy. In certain circumstances, courts, law enforcement agencies or security authorities may request to access your personal data.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
a. We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
b. Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
c. If we use providers outside of the EEA, we will only transfer data to them, only if we make sure that they have equivalent safeguards in place.
If none of the above safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Our company collects and processes your personal data to meet our legal, statutory and/or contractual obligations, and/or to provide you with our services if you are interested to become one of our customers or partners.
Our company processes and collects your data so that we can:
If you agree, our company will share your data with our partner companies so that they may offer you their products and services.
Our company securely stores your data by maintaining industry approved safeguards designed to protect the personal information provided or collected against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or misuse. Data is also routinely backed up at secure locations in Europe and outside in accordance with standard industry practice. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any further questions about privacy or security, or have reason to believe your data security has been compromised please contact us immediately by sending an email to: dpo@Finaro.com. We will only retain your personal data for as long as necessary to fulfil the purposes for which it is collected. This includes retaining your data for the purposes of satisfying any legal, accounting, or reporting requirements
When deciding what the correct time is to keep the data for, we look at its amount, nature and sensitivity, potential risk of harm from unauthorized use or disclosure, the processing purposes, if these can be achieved by other means, and legal requirements. We also take into consideration best practices applied in the industry.
Finaro stores personal information for as long as necessary to fulfill the purpose for which the personal information was collected and as required or authorized by law. We take measures to delete or permanently de-identify personal information as required by law or if no longer required for the purpose for which it was collected. Certain data relating to transaction records particularly billing and invoice information may be required to be safeguarded for significant periods of time in accordance with standard tax and accounting practices, or to enable the refund and chargeback requests to be processed on behalf of our Merchants or Partners.
Our company would like to send you information about products and services that we think you might be interested in, as well as those of our partner companies. If you have agreed to receive marketing, you may always opt out at a later date. You may receive marketing communications from us if:
and, in each case, you have not opted out of receiving such communications. If you are a legal person, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time. We will also request your consent before we share your personal data with any third party for their own marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time by opting out.
As a customer, you will occasionally receive information by email from us, unless you have chosen not to receive such communication, and if you have consented to do so from our group companies too, about products, services and special deals which we think will be of interest to you via our newsletter. You have the right at any time to stop our company from contacting you for marketing purposes or giving your data to other members of our company group. If you are a customer or partner, please note that we may still send you important administrative messages that are required to provide you with our services.
If you no longer wish to be contacted for marketing purposes, please click here marketing@finaro.com.
Our company would like to make sure you are fully aware of all your data protection rights. You are entitled to the following rights:
The right to be informed: You have the right to ask what data we are processing and to whom, if any, we are passing on the data.
The right to access – You have the right to request our company for copies of your personal data.
The right to rectification – You have the right to request that our company corrects any information you believe is inaccurate. You also have the right to request our company to complete information you believe is incomplete.
The right to erasure – You have the right to request that our company erases your personal data, under certain conditions: https://gdpr.eu/article-17-right-to-be-forgotten/ This right may be invoked where the data is no longer necessary for the purpose it was collected, if your consent has been withdrawn, or where the data has been processed unlawfully.
The right to restrict processing – You have the right to request that our company restricts the processing of your personal data, in cases where a dispute or legal case is being concluded or where the data is being corrected, under certain conditions https://gdpr.eu/article-18-right-to-restriction-of-processing/.
The right to object to processing – You have the right to object to our company’s processing of your personal data, under certain conditions: https://gdpr.eu/article-21-right-to-object/.
The right to data portability – You have the right to request that our company transfers the data that we have collected to another organization, or directly to you, in a structured, commonly used, and readable format, under certain conditions: https://gdpr.eu/article-20-right-to-data-portability/.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or if you refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your legal right to exercise any of your data protection rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing as prescribed by law.
Minors
Finaro does not provide services, or actively market to children and we never knowingly ask a child under 13 to divulge personal information. Services and information available to registered users on this site are NOT INTENDED FOR USE BY ANY PERSON UNDER THE AGE OF 18.
Please note that if it comes to our attention through reliable means that a registered user is under 18, we will cancel that user’s account. Online payment transaction forms are not provided for use in any event by persons under 18 years of age. BY PROVIDING US WITH YOUR DATA, YOU WARRANT TO US THAT YOU ARE OVER 18 YEARS OF AGE.
Our company website contains links to third party websites, plug-ins and/or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit. Our privacy policy applies only to our website.
Our company keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on September 2020. If our Privacy Policy changes, we will post a dated copy here, and you are advised to visit this page regularly to check for updates.
We have appointed a data protection officer to oversee compliance with this privacy policy and with EU and national laws on data protection. If you have any questions about this privacy policy or how we handle your personal information, or if you would like to exercise any of these rights, please contact our DPO by Email: dpo@finaro.com
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that our company has not addressed your concern in a satisfactory manner, you may contact the Office of the Information and Data Protection Commissioner in Malta at: Email: idpc.info@idpc.org.mt Phone number: (+356) 2328 7100
If you are a California resident, you may request from us certain data that we collect about you, or request to delete data, opt-out of the sale of personal data and the right to non-discrimination. Additional information about the CCPA can be found here: https://oag.ca.gov/privacy/ccpa
In our Privacy Policy and Cookies Policy we have indicated the categories and types of personal data collected about you, the purpose for collecting this data, and your rights relating to our collection of data. We do not sell any personal data.
For any request you may have in connection with the aforesaid, you may contact us at dpo@finaro.com. We may need to verify your identity before responding to your request. If you are a current merchant/partner or banking customer, you may also directly contact your account manager at finaro.