Principles of Processing Personal Data
These principles describe how Ferratum collects and processes the Personal Data of its Clients and / or any other Data Subjects (you) in relation to the services offered by Ferratum. These principles apply to you if you use, or have used, or have expressed an intention to use, the products or services provided by Ferratum, including before these principles were entered into force. These principles also apply where you are in any other way related to the products or services provided by Ferratum.
The processing of your Personal Data shall be governed by the laws of New Zealand.
1.1. Client – A natural person who uses, has used or has expressed an intention to use the products and services offered by Ferratum or to conclude a guarantee or warranty agreement.
1.2. Contract - A contract concluded between Ferratum and the Client.
1.3. Data Protection Regulations - Any applicable laws and regulations regulating the processing of Personal Data, including but not limited to the Privacy Act 1993;
1.4. Ferratum - Ferratum New Zealand Ltd, registry code 3263709, Registered Office Address: C/- Hayes Knight Limited, Level 1, 5 William Laurie Place, Albany, Auckland, 0632, New Zealand;
1.5. Ferratum Group - Ferratum together with companies the majority shareholder of which is directly or indirectly Ferratum's parent undertaking Ferratum Oyj (Finnish Trade Register code 1950969-1, address Ratamestarinkatu 11 A, Helsinki, Republic of Finland);
1.6. Personal Data - Any information relating to an identified or identifiable natural person (Data Subject). Data subject to banking secrecy may also include Personal Data;
1.7. Processing - Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, storing, alteration, granting access to, making enquiries, transfer, viewing, etc.
2. Collecting your Personal Data
2.1. Ferratum collects your Personal Data in the following ways:
2.1.1. When you provide it directly to us for example, by submitting it to us via the Ferratum website, via any electronic or paper forms you submit to us, or by providing information to our representatives by telephone, e-mail or any other networks through which you liaise with us; When you provide it directly to us for example, by submitting it to us via the Ferratum website, via any electronic or paper forms you submit to us, or by providing information to our representatives by telephone, e-mail or any other networks through which you liaise with us;
2.1.2. When Ferratum has collected it in relation to your previous use of Ferratum's services (for example where you have applied for a loan, or requested other services from Ferratum);
2.1.3. From external, third party or business partner sources including without limitation, commercial associates or credit reporting agencies (e.g. credit bureau, namely Equifax);
2.1.5. From publicly available sources.
2.2. The Personal Data, collected, processed and held by us depends on the services requested by you.
2.3. In the event that you enter a warranty or guarantee agreement in association with another Client, we may also collect your Personal Data from that Client.
2.4. You do not have to provide us with any Personal Data, however, if you do not do so, we may not be able to complete a transaction you have entered into, finalise payment of a product you have requested, make delivery of a product or service you have ordered, grant credit terms, or otherwise provide you with the products, services or benefits you have requested.
3. Purposes of Processing your Personal Data
3.1. Ferratum processes your Personal Data for the purpose of assessing loan applications, and concluding and performing any Contracts with you. This includes properly identifying you and performing credit and risk checks and assessments on you in order to determine whether, and on which conditions to, conclude any Contracts with you, or provide any other services.
3.2. Personal Data Processing is necessary for Ferratum to enter into and perform any Contracts with you, as well as to protect Ferratum's legitimate interests in ensuring you are trust and creditworthy.
3.3. Personal Data Processing is also necessary to allow Ferratum to collect amounts due to it, and to ensure Ferratum is meeting its legal and regulatory obligations deriving from applicable laws (including laws and regulations regulating credit institutions/lenders, such as duties to report to regulators, anti-money laundering (AML) and terrorist financing rules and regulations to properly identify the Client (KYC) and ensure the trust and creditworthiness of the Client).
3.4. Ferratum also processes Personal Data collected for the following purposes:
3.4.1. to safeguard Ferratum's legal rights (for example in establishing, exercising and defending legal claims);
3.4.2. to assess the quality of Ferratum's services, including customer support services and quality assurance services;
3.4.3. to supply our products, services or benefits to you, or for related purposes;
3.4.4. for direct marketing purposes;
3.4.5. to carry out market research;
3.4.6. to prepare statistical studies and analyses of client groups, market shares of products and services and other financial indicators;
3.4.7. to report and risk manage in order to better understand your expectations; and
3.4.8. to develop Ferratum's models, products, services and processes.
4. Types of Personal Data collected
4.1. For the purposes identified above, Ferratum may need to process the following types of Personal Data about you (note this is not an exhaustive list):
4.1.1. Identification data (e.g. name, personal identification code, date of birth, place of birth, nationality, information about and copy of identification document, results of face/ID recognition, voice, picture, video, signature, address).
4.1.2. Contact data (e.g. address, phone number, e-mail address, language of communication).
4.1.3. Bank data (e.g. bank ID, name of bank, account holder, account number, transaction information from your bank account, if you have consented to this).
4.1.4. Education and employment data (e.g. qualification, educational institution, current and former employer and position).
4.1.5. Financial data (e.g. salary, income, expenses).
4.1.6. Data concerning origin of assets (e.g. employer, business activities and actual beneficiaries, income sources and wealth).
4.1.7. Data concerning creditworthiness/trustworthiness (e.g. payment behaviour, any evidence as to money laundering and / or terrorist financing, or compliance with international sanctions, data relating to the purpose of any business relationships, and data relating to whether the Client is a politically exposed person).
4.1.8. Data obtained when performing an obligation arising from the law (e.g. information received from enquiries submitted by investigative bodies, notaries, tax authorities, courts and bailiffs).
4.1.9. Communications data (e.g. e-mails, phone call recordings).
4.1.10. Ferratum website activity data (including information obtained from cookies); and
4.1.11. Data related to Ferratum's provision of any services to you (e.g. performance of the contract or the failure thereof by you, transactions history, submitted applications, requests and complaints).
5. Data processors
5.1. Ferratum uses carefully selected service providers (data processors) in Processing your Personal Data. In doing so, Ferratum remains fully responsible for your Personal Data.
5.2. Ferratum uses the following categories of data processors: legal and other advisors, other Ferratum Group entities, data storage providers, telemarketing, marketing and surveys service providers, e-mail and SMS gateway service providers, identification and certification service providers, debt collection agencies, bank data scraping, scoring and credit check service providers, voice call dealer service providers, online and offline intermediaries.
6. Third parties
6.1. Ferratum only shares your Personal Data with third parties if stipulated herein, if required under the applicable law (e.g. when Ferratum is obligated to share Personal Data with the authorities) or with your consent.
6.2. We share your Personal Data with the following third parties:
6.2.1. to persons maintaining databases of defaulted payments;
6.2.2. debt collection agencies;
6.2.3. Ferratum's auditors;
6.2.4. Ferratum's regulators; and
6.2.5. Ferratum's partners (including Lead Market Australia Pty Ltd, Level 7, 201 Charlotte Street, Brisbane QLD 4000, Australia, ACN: 602195684 and Quadsaa Pty Limited, Papamoa Beach, Papamoa 3118, NZBN: 9429041797884), affiliates and related entities for the purpose of such parties marketing their products and/or services to you.;
7. Transferring Personal Data outside New Zealand
7.1. Ferratum transfers Personal Data to Ferratum Group entities and other entities located outside of New Zealand. For example, Ferratum may transfer Personal Data to entities located in the European Union, USA, Canada, India, Switzerland, Australia. This includes providing access to your Personal Data from such countries.
7.2. Ferratum will only transfer Personal Data outside of New Zealand where it has a lawful basis to do so, and will only transfer information to a receiving entity that is: (i) in a country which provides an adequate level of protection for Personal Data; or (ii) under an instrument which covers the New Zealand requirements for the transfer of Personal Data outside New Zealand.
7.3. You can receive further details on the transfer of Personal Data outside New Zealand by contacting Ferratum on the contact details listed at clause 11 below.
8. Data retention
8.1. Ferratum retains your Personal Data in accordance with industry guidelines for:
8.1.1. as long as necessary for the purposes for which it was lawfully collected; or
8.1.2. as long as necessary to safeguard Ferratum's legal rights; or
8.1.3. as long as may be required by any applicable legal acts.
8.2. If Personal Data is Processed for several purposes, that Personal Data will be retained for the longest retention period applicable.
8.3. Ferratum will retain any Personal Data related to a breach of law or obligation either committed by you, or another person, for a maximum of 10 years from the date when the breach of law or relevant obligation occurs or comes to our attention, or as otherwise required by law (for example where a court proceeding, litigation or claim is reasonably contemplated by us).
9. Your rights
9.1. To the extent required by applicable Data Protection Regulations, you have all the rights of a Data Subject as regards your Personal Data. This includes the right to:
9.1.1. request access to your Personal Data;
9.1.2. obtain a copy of your Personal Data; and
9.1.3. rectify inaccurate or incomplete Personal Data relating to you.
9.2. Should you believe that your rights have been violated, you have the right to lodge a complaint with:
9.2.1. Ferratum's customer support service;
9.2.2. Ferratum's privacy officer;
9.2.3. the Office of the Privacy Commissioner; or
9.2.4. the courts.
10. Amending these principles
10.1. Should the Personal Data Processing practices of Ferratum change or should there be a need to amend these principles under the applicable law, case-law or guidelines issued by any supervisory authorities, Ferratum is entitled to unilaterally amend these principles at any time. In such case, Ferratum will notify you by e-mail no later than one month prior to the amendments entering into force.
11.1. In case you have any questions regarding the Processing of your Personal Data by Ferratum or you would like to exercise your rights as a Data Subject, please contact us via firstname.lastname@example.org.
11.2. Ferratum has appointed a privacy officer whom you also may contact via email@example.com.