Privacy Policy

Credorax Bank Ltd., and/or Source Ltd., and/or Finaro or any other affiliate which is part of the Credorax Inc., Group, together shall be referred to as “Finaro”, “us”, “our company” or “we”.

Finaro provides payment related services, like card acquiring for businesses known as merchants, payment facilitators and/or payment gateways, banking products and services for banking customers and other ancillary products and services all of which will be referred to as “Finaro Services”.

References to “you” and “your” means each natural or legal person who visits our company’s website, or fills out a form or an application, providing personal data expressing an interest to receive our products or services.

Finaro receives and collects and/or processes and/or retains your personal data, which you provide us in different circumstances in order for Finaro to be able to offer financial services. Finaro is committed to respecting your privacy and protecting your personal data in accordance with the General Data Protection Regulation (GDPR) which governs the provisions of this privacy policy.

This privacy policy will explain the type of data we receive from you and what we do with it; for how long we keep your personal data and what are your rights in this respect.


  • Finaro Services and You
  • What is personal data; what types of data do we collect?
  • Data Protection Principles
  • How do we collect your data?
  • Who do we share your data with?
  • Transfer of data outside of the EEA
  • Why do we process and collect your data?
  • How long is personal data retained?
  • Marketing
  • What are your data protection rights?
  • Minors
  • Privacy Policies and other websites
  • Changes to our privacy policy
  • How to contact us
  • How to contact the appropriate authority
  • CCPA

Finaro Services and You

The personal data Credorax receives from you depends on how you are using our services.
Individuals typically interface with Finaro in one of the following ways:
Site Visitor: If you are visiting our website for details about our services, you may be asked to enter your personal details on an online form to receive more information. Cookies may be used to track site usage to assist in product development or monitor behavior for marketing purposes. Visitors from the EU/EEA may initially be asked to expressly consent to cookie usage. More details can be found in our Cookies Policy.

Merchant/ Partner or Bank account customer: you may be a business customer that has consented to Finaro’s terms of service under a merchant or partner application form, or other formal agreement for the provision of the Credorax Services. To set up a merchant or partner account you will need to provide personal details, business data and identifying documentation.

What is personal data, and what types of data do we collect?

Personal data refers to information about an individual that can lead to the identification of the said individual. It does not include anonymised data.

We process and collect the following types of data:

a. Communication Data: This includes any communication that you send to us, whether it be through the contact form on our websites, through email, text, social media messaging, social media posting or any other communication.

b. Customer [Merchant/Partner] Data: This includes personal data that you provide us in relation to a possible business dealing for receiving our services, such as your name, Identification number, Date of birth, email address, phone number, location (country), personal identification documents and any other personal data and any documents necessary to carry out customer due diligence.

c. User Data: This includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services.

d. Technical Data: This includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system.

e. Marketing Data This includes data about your preferences in receiving marketing materials from us and our third parties and your communication preferences. We process this data to deliver relevant content and advertisements to you and measure or understand the effectiveness of this advertising.

f. Data processed to provide you services as a customer: If you sign up to become one of our customers, we collect information we need to establish and perform a contract with you, including your contact information, address and, order details, tax information and payment details, use of our products and services and your customer area account, including your login details, and the questions, queries, comments and complaints you send us in relation to our business relationship.

Processing any of the above personal data is only done by Finaro if at least one of the following conditions is satisfied:

a. You have unambiguously given consent to the processing;

b. Processing is necessary for performance of a contract between us or in order to take steps at your request prior to entering into a contract;

c. Processing is necessary for compliance with a legal obligation;

d. Processing is necessary to protect your vital interests or the interests of a third party;

e. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority;

f. Processing is necessary for a purpose that concerns our legitimate interests or the legitimate interests of a third party, so long as your fundamental rights and freedoms are not infringed.

Data protection principles

By receiving and processing your data, we will be complying with data protection legislation, including the 6 main principles of GDPR:

a. To process your personal data lawfully, fairly and in a transparent manner.

b. To collect your personal data only for specific, explicitly stated and legitimate purposes.

c. To only process your personal data to the extent necessary, adequate, and relevant for in relation to the purposes we have advised you about.

d. To keep your personal data accurate and up to date.

e. To keep your personal data only as long as necessary for the purposes we previously disclosed

f. To ensure that your personal data is processed in a secure manner, using appropriate technical and organizational standards.

How do we collect your data?

The data we collect about you is either provided by you directly, or else obtained through publicly accessible channels, such as regulatory authorities and online checks. We may also automatically collect certain data from you as you visit our company’s website by using cookies and similar technologies. For information about cookies please review our Cookies Policy at We collect and process your personal data as a data controller, according to the definition in the GDPR. We collect data and process data when you:

  • Fill in your details on our company website to contact us regarding queries or support requests, comments or complaints
  • Fill out an application to become a customer and provide us due diligence information and documentation
  • Sign up for our newsletter
  • Voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
  • Use or view our website via our browser’s cookies
  • Send us your resume for a job application
  • send us messages or other communications
  • sign up on any of our social media channels


Our Company may also receive your data indirectly from the following sources:

  • Marketing partners
  • Events

Who do we share your data with?

We may have to share your personal data with the parties set out below:

  • Service providers who provide IT and system administration services;
  • Professional advisers including lawyers, bankers, auditors and insurers;
  • Government bodies that require us to report processing activities;
  • Third parties to whom we sell, transfer, or merge parts of our business or our assets;
  • Other, in which case the aforementioned rights must still be respected.

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

We may also disclose your personal information to:

  • a prospective buyer of our business or a buyer of a substantial number of the shares in our business;
  • the police, other lawful enforcement body, regulatory body or court if we are under a duty to disclose or share your personal data, or to protect the rights, property, or safety of ourselves or our group companies, our customers, or others;
  • tax authorities, more specifically financial information and transactions, in line with FATCA/ CRS provisions
  • third parties who referred you to us initially and to whom we owe a commission payment as a result of the referral. Where the commission payment is based on transaction volumes, numbers or types of transactions, we may share that information with that third party.
  • Partners that work with us and you specifically agreed to have your information sent to


Finaro does not sell or otherwise disclose personal information we collect about you except as disclosed in this Privacy Policy or as may be disclosed to you at the time information is collected.

Transfer of data outside of the EEA

Data that you send us may be stored, processed and/or transferred to other countries where we have operations or where we engage service providers, and your data may be shared with other Finaro affiliates, and/or with other providers of our company, within, and outside the European Economic Area (“EEA”).

For any processing, storing or transferring of data to and from other non-EEA jurisdictions we apply the EU Standard Contractual Clauses mechanism. In addition, we have implemented inter-companies agreements that cover data processing between our group of companies

We take measures to ensure that the data processing, storing and transferring comply with the applicable data protection laws and that your personal data remains protected to the standards specified in this Privacy Policy. In certain circumstances, courts, law enforcement agencies or security authorities may request to access your personal data.

Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:

a. We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or

b. Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or

c. If we use providers outside of the EEA, we will only transfer data to them, only if we make sure that they have equivalent safeguards in place.

If none of the above safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

Why do we process and collect your data?

Our company collects and processes your personal data to meet our legal, statutory and/or contractual obligations, and/or to provide you with our services if you are interested to become one of our customers or partners.

Our company processes and collects your data so that we can:

  • Email you with special offers on services we think you might be interested in
  • Analyze how visitors use a website; deliver relevant website content and advertisements, measure the effectiveness of the advertisement
  • Serve ads through ad platforms on other sites
  • Learn your location for optimization purpose
  • Respond to your questions, comments or complaints
  • Assess your application to become a customer or a partner and for managing our internal administration system, or for engaging in contractual negotiations with you, and setting up our services for you, collecting documentation for the prevention of Anti-Money Laundering (“AML”) and carry out related checks
  • If you already are a customer or a partner, we may contact you in relation to a relevant new service, or to set up our products and services for you, including to provide you with support, boarding, integration, installation, helping you with settings, and other actions which need to be taken to establish or perform our contract with you and providing you with support, optimizing and improving our products and services.
  • If you are not a merchant or a partner, we may contact you with offers about our services if you have given us permission to do so
  • Operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back- ups of our website and/or databases and to enable publication and administration of our website, other online services and business
  • Other purposes such as our legitimate interest to protect our legal rights in connection with any claims and legal obligation to process your data. We may also transfer your data in the event of a company reorganization, merger, sale , or to partners with your consent, when we believe in good faith that disclosure is necessary to protect our rights, prevent harm of financial loss, protect your safety or the safety of others or investigate fraud or cooperate with law enforcement or government agencies, or in connection with an investigation of suspected or actual fraudulent or illegal activity.


If you agree, our company will share your data with our partner companies so that they may offer you their products and services.

How do we store your data?

Our company securely stores your data by maintaining industry approved safeguards designed to protect the personal information provided or collected against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or misuse. Data is also routinely backed up at secure locations in Europe and outside in accordance with standard industry practice. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any further questions about privacy or security, or have reason to believe your data security has been compromised please contact us immediately by sending an email to: We will only retain your personal data for as long as necessary to fulfil the purposes for which it is collected. This includes retaining your data for the purposes of satisfying any legal, accounting, or reporting requirements

When deciding what the correct time is to keep the data for, we look at its amount, nature and sensitivity, potential risk of harm from unauthorized use or disclosure, the processing purposes, if these can be achieved by other means, and legal requirements. We also take into consideration best practices applied in the industry.

How long is personal data retained?

Finaro stores personal information for as long as necessary to fulfill the purpose for which the personal information was collected and as required or authorized by law. We take measures to delete or permanently de-identify personal information as required by law or if no longer required for the purpose for which it was collected. Certain data relating to transaction records particularly billing and invoice information may be required to be safeguarded for significant periods of time in accordance with standard tax and accounting practices, or to enable the refund and chargeback requests to be processed on behalf of our Merchants or Partners.


Our company would like to send you information about products and services that we think you might be interested in, as well as those of our partner companies. If you have agreed to receive marketing, you may always opt out at a later date. You may receive marketing communications from us if:

  • You have made use of our services or asked for information from us about our services; or
  • You agreed to receive marketing communications;

and, in each case, you have not opted out of receiving such communications. If you are a legal person, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time. We will also request your consent before we share your personal data with any third party for their own marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time by opting out.

As a customer, you will occasionally receive information by email from us, unless you have chosen not to receive such communication, and if you have consented to do so from our group companies too, about products, services and special deals which we think will be of interest to you via our newsletter. You have the right at any time to stop our company from contacting you for marketing purposes or giving your data to other members of our company group. If you are a customer or partner, please note that we may still send you important administrative messages that are required to provide you with our services.

If you no longer wish to be contacted for marketing purposes, please click here

What are your data protection rights?

Our company would like to make sure you are fully aware of all your data protection rights. You are entitled to the following rights:

The right to be informed: You have the right to ask what data we are processing and to whom, if any, we are passing on the data.

The right to access – You have the right to request our company for copies of your personal data.

The right to rectification – You have the right to request that our company corrects any information you believe is inaccurate. You also have the right to request our company to complete information you believe is incomplete.

The right to erasure – You have the right to request that our company erases your personal data, under certain conditions: This right may be invoked where the data is no longer necessary for the purpose it was collected, if your consent has been withdrawn, or where the data has been processed unlawfully.

The right to restrict processing – You have the right to request that our company restricts the processing of your personal data, in cases where a dispute or legal case is being concluded or where the data is being corrected, under certain conditions

The right to object to processing – You have the right to object to our company’s processing of your personal data, under certain conditions:
The right to data portability – You have the right to request that our company transfers the data that we have collected to another organization, or directly to you, in a structured, commonly used, and readable format, under certain conditions:

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or if you refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your legal right to exercise any of your data protection rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing as prescribed by law.


Finaro does not provide services, or actively market to children and we never knowingly ask a child under 13 to divulge personal information. Services and information available to registered users on this site are NOT INTENDED FOR USE BY ANY PERSON UNDER THE AGE OF 18.

Please note that if it comes to our attention through reliable means that a registered user is under 18, we will cancel that user’s account. Online payment transaction forms are not provided for use in any event by persons under 18 years of age. BY PROVIDING US WITH YOUR DATA, YOU WARRANT TO US THAT YOU ARE OVER 18 YEARS OF AGE.

Privacy Policies of other websites

Our company website contains links to third party websites, plug-ins and/or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit. Our privacy policy applies only to our website.

Changes to our Privacy Policy

Our company keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on September 2020. If our Privacy Policy changes, we will post a dated copy here, and you are advised to visit this page regularly to check for updates.

How to contact us

We have appointed a data protection officer to oversee compliance with this privacy policy and with EU and national laws on data protection. If you have any questions about this privacy policy or how we handle your personal information, or if you would like to exercise any of these rights, please contact our DPO by Email:

How to contact the appropriate authority

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that our company has not addressed your concern in a satisfactory manner, you may contact the Office of the Information and Data Protection Commissioner in Malta at: Email: Phone number: (+356) 2328 7100

California Consumer Privacy Act (“CCPA”) of 2018

If you are a California resident, you may request from us certain data that we collect about you, or request to delete data, opt-out of the sale of personal data and the right to non-discrimination. Additional information about the CCPA can be found here:

In our Privacy Policy and Cookies Policy we have indicated the categories and types of personal data collected about you, the purpose for collecting this data, and your rights relating to our collection of data. We do not sell any personal data.

For any request you may have in connection with the aforesaid, you may contact us at We may need to verify your identity before responding to your request. If you are a current merchant/partner or banking customer, you may also directly contact your account manager at finaro.