Privacy and Cookie Policy

1. General

In the following Privacy Policy, Ferratum Bank p.l.c. (hereinafter “we” or “Ferratum”) inform you about the collection, use and processing of your personal data, when you access the website (hereinafter: "Website") and/or the Ferratum’s mobile web application (hereinafter: “Web App”), or when you use the banking service(s) offered by Ferratum through the Website/Web App (hereinafter: “Service(s)”).

The principles apply if you use, has used or has expressed an intention to use or if you are in any other way related to the products or services provided by Ferratum, including before these principles entered into force.

2. Definitions

a) Customer: A natural person who uses, has used or has expressed an intention to use the products and services offered by Ferratum;

b) Contract: A contract concluded between Ferratum and the Customer;

c) Data Controller: Ferratum is Data Controller responsible for the Processing of your Personal Data within the context of the GDPR and the Data Protection Act;

d) Data Protection Act: Chapter 440 of the Laws of Malta – Data Protection Act;

e) Data Protection Regulations: Any applicable laws and regulations regulating the processing of

Personal Data, including but not limited to the GDPR and the Data Protection Act;

f) Data Subject: an identified or identifiable natural person to whom the Personal Data is related;

g) Ferratum: Ferratum Bank p.l.c., Malta Registry of Companies code C 56251, address ST Business Centre 120, The Strand, Gzira, GZR 1027, Malta, phone: +356 203 415 33, e-mail:;

h) GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;

i) Personal Data: Any information relating to a Data Subject;

j) Processing: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, storing, alteration, granting access to, making enquiries, transfer, viewing, etc.. The Processing of your Personal Data shall be governed by the laws of Malta;

3. The purpose behind processing your Personal Data

We process your Personal Data to provide you with the Services and to constantly improve the quality of our Services as well as the performance of Ferratum’s obligations arising from law, safeguarding Ferratum’s rights. We also process your Personal Data for marketing purposes, provided that you have provide us with your freely given, specific, informed and explicit consent.

4. The legal basis for processing your Personal Data

In accordance with provisions of the Data Protection Act and the GDPR, which governs Ferratum practices, your Personal Data is processed on the basis of the following legal grounds:

a) Processing of your Personal Data on the basis of your the freely given, specific, informed and explicit consent for one or more specific purposes (e.g. for marketing purposes and for carrying out market research, preparing statistical studies and analyses of customer groups, market shares of products and services and other financial indicators, as well as reporting and risk management in order to better understand the clients’ expectations and develop Ferratum’s models, products, services and processes);

b) Processing is necessary for the conclusion and performance of the Contract or in order to take steps at your request prior to entering into the Contract. This includes properly identifying you and performing credit and risk checks and assessments on you in order to determine whether and on which conditions to conclude the Contract;

c) Processing is necessary for compliance with legal and regulatory obligations which Ferratum is subject to as a Data Controller. Ferratum’s legal and regulatory obligations include, but they are not limited to, those obligations deriving from the applicable laws and regulations which regulate credit institutions, such as duties to report to regulators, anti-money laundering (AML) and terrorist financing rules and regulations to properly identify the customer (KYC) and ensure the trust- and creditworthiness of the Customer.;

d) Processing is necessary to achieve the legitimate interests pursued by Ferratum. To this respect, Processing may also include: (i) checking that you are trustful and creditworthy; (ii) collecting amounts due by you to Ferratum; and (iii) safeguarding Ferratum’s rights establishing, exercising and defending legal claims.

5. What kind of Personal Data and information do we process and for how long?

5.1. Informational use of our Website and App Web

If you visit our Website and/or the Web App purely for informational reasons (and do not apply for Services with Ferratum), we shall not process any Personal Data, with the exception of the data which your browser or your end device transmits in order to enable your visit to the Website or Web App. Thereby, the following data will be transmitted to Ferratum:

• Your IP address;

• Date and time of the request;

• Time zone difference to Greenwich Mean Time (GMT);

• Content of the request (specific page);

• Access status/http status code;

• Volume of data transferred;

• Website (from which the request comes);

• Browser;

• Operating system;

• Language and version of the browser software;

• Advertising Identifier (IDFA).

Additionally, using the Website and Web App, Cookies will be stored on your end device. You can find further information on ‘Cookies’, by referring to item 13 below.

5.2 Data collection in relation to the Services

5.2.1. In accordance with the provisions of the GDPR, if you use our Website and/or the Web App to be provided with the Services, Ferratum shall process your Personal Data only to the extent is necessary to enable us to provide you with the required and best service. Depending upon the respective Service (e.g. current account, overdraft, savings account including savings goals and term deposit), the following types of Personal Data could be processed:

• Identification Data (e.g. your name, personal identification code, date of birth, place of birth, nationality, information about and copy of identification document, results of face/ID recognition, voice, picture, video, signature, address);

• Contact Data (e.g. your address, phone number, e-mail address, language of communication);

• Bank Data (e.g. bank ID, name of bank, account holder, account number, transaction information from your bank account);

• Financial Data (e.g. monthly income, monthly housing costs, other monthly costs, monthly costs to other loans, total amount of monthly expenses, monthly balance);

• Data concerning origin of assets (e.g. data concerning employer, transaction partners, business activities and actual beneficiaries, data showing the source of your income and wealth);

• Data concerning creditworthiness/trustworthiness (e.g. data concerning payment behaviour, damages caused to Ferratum or other persons, data that enables Ferratum to perform its due diligence measures regarding money laundering and terrorist financing prevention and to ensure the compliance with international sanctions, including the purpose of the business relationship and whether the Client is a politically exposed person);

• Data obtained when performing an obligation arising from the law (e.g. information received from enquiries submitted by investigative bodies, notaries, tax authorities, courts and bailiffs);

• Communications Data (e.g. e-mails, phone call recordings);

• Data inserted to log-in your online account;

• Data related to the services (e.g. performance of the Contract or the failure thereof, transactions history, submitted applications, requests and complaints).

5.2.2. Telephone conversations with you may be recorded to allow our efficient monitoring of customer satisfaction levels and to resolve your complaints. These records will be stored for the duration stipulated by law. You can find further information on the records concerning telephone conversation, by referring to the table below:


Archiving period

Resolve complaints

6 years from the date when the complaint was resolved

Quality control monitoring

5 years from the date of the record


2 years from the date of the record

5.2.3. In order to proceed with opening your Ferratum Bank Account as resident in Germany, you must consent that Ferratum shall transmit to Schufa AG or collect from Schufa AG your Personal Data, with the purpose to identify you and verify your identity and perform credit and risk assessments. You can get information from Schufa AG about Your Personal Data stored with Schufa AG. More information regarding the SCHUFA information procedure and the score procedure are provided to you on the “Schufa Informationsblatt” enclosed to this document and on their website: The postal address of SCHUFA is: SCHUFA Holding AG, Privatkunden ServiceCenter, Postfach 10 34 41, 50474 Köln.

6. Direct Marketing

We process your Personal Data also for marketing purposes only if you have given us your explicit consent, which can also be provided electronically. You can revoke your consent at any time with effect for the future without reason and without incurring any costs.

We may send marketing materials to you if you have chosen to receive such materials.

We may use your personal information (e-mail address and/or mobile phone number) obtained from our Website or the Web App to send communications and promotional information about our Services, through conventional methods, e-mail, and/or SMS or MMS, or social media, based on your freely given consent.

You have the right, at any time, to withdraw your consent and ask not to receive marketing communications, through:

a) Written communication to the address specified below, including the email and/or telephone number as well as the wording “UNSUBSCRIBE”:

Ferratum Bank p.l.c.

ST Business Centre 120, The Strand, Gzira, GZR 1027, Malta

b) Telematic communication through the contact form included in the Web section “Contact”, indicating “UNSUBSCRIBE” in the subject and providing all the information mentioned in the paragraph above.

Where you object in any above-mentioned means to processing for marketing purposes, your Personal Data shall no longer be processed for marketing purposes and we shall inform our partners accordingly.

Please, note that withdrawing consent does not affect the lawfulness of Processing based on consent before its withdrawal.

All of our staff are responsible for maintaining customer confidentiality, and all third parties engaged by Ferratum, such as our cooperation partners and service providers, are legally bound to keep all personal information confidential.

7. Disclosure of Personal Data to third parties

Ferratum only shares your Personal Data with third parties: (i) if required under the applicable law (e.g. when

Ferratum is obligated to share Personal Data with the authorities), particularly to protect the integrity of the Website/Web App and to assist Governmental bodies, enforcement agencies, and/or regulators in their investigations or any investigations regarding public safety, provided that such disclosure will be only granted under proper authority; or (ii) with your consent.

In case under (ii) above Ferratum shall not disclose your Personal Data to third parties for any other purposes, such as market research or other types of marketing.

Information regarding your financial details shall not be shared with third parties, unless we are obliged to do so by law or under your specific consent.

8. Transferring Personal Data outside the EEA

Ferratum transfers Personal Data to Ferratum Group entities and to Ferratum’s partners and/or service providers (including provide access to Personal Data from) outside the European Economic Area, e.g. to Australia, Brazil, USA, Canada, India, Switzerland, India, Japan, Singapore, Philippines. This includes providing access to personal data from such countries. However, Ferratum does so only where it has a lawful basis to do so, including to a recipient who is: (i) in a country which provides an adequate level of protection for Personal Data; or (ii) under an instrument which covers the EU requirements for the transfer of Personal Data outside the EU.

You can receive further details on the transfers of Personal Data outside the EU upon contacting Ferratum on the contact details below.

9. Data retention

Ferratum retains your Personal Data in accordance with industry guidelines for as long as necessary for the purposes for which they were collected or for as long as necessary to safeguard its rights or for as long as required by applicable legal acts. Please, note that if the same Personal Data or is processed for several purposes, the Personal Data will be retained for the longest retention period applicable.

In accordance with the maximum limitation period from EU directive on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, Ferratum shall retain any Personal Data related to such legal obligation for 5 years, in compliance with the applicable local law implementing the EU directive above, from the date the customer relationship has been terminated, or a suspicion was filed, whichever is the latest;

If you onboard and open a bank account via videoconferencing, audio from a videoconference shall be recorded for compliance and anti-money laundering purposes. In this case the audio records and your Personal Data therein will be stored for a period of 5 years from the termination of your contract with Ferratum Bank in accordance with the provisions of the Prevention of Money Laundering Act, Chapter 373 of the Laws of Malta. In case you onboard and open a bank account via videoconferencing as resident in Spain, Ferratum Bank shall be obliged to store the relevant video and audio records and your Personal Data for a period of 10 years from the termination of your contract with Ferratum Bank, in compliance with the Law On The Prevention Of Money Laundering And Terrorist Financing, no. 10/2010 of 28 April

Published in the Official State Gazette 29 April 2010.

In accordance with the maximum limitation period for claims arising from a transaction if the obligated person intentionally violated the person's obligations and for claims arising from law, Ferratum shall retain any Personal Data related to such civil claims for a maximum of 2 years, whether such civil claims are not arising from a criminal offence, or for the maximum period of time by which the relevant action is barred from the criminal law, whether such civil claims are arising from a criminal offence, starting from the date when the claim falls due.

10. Your rights in relation of the data proceeding

You shall be granted, to the extent permitted by the applicable laws and regulations with the rights specified here below in respect to your Personal Data:

a) to get transparent information, including this Privacy Policy, which aims to provide you with all relevant information relating to our data processing in a concise, transparent, intelligible and easily accessible form, using clear and plain language;

b) right to access, which means you have the right to obtain from Ferratum confirmation as to whether or not your Personal Data is being processed;

c) right to rectification, which means Ferratum is obliged to correct your inaccurate Personal Data. Taking into account the purposes of the processing, you have the right to have incomplete Personal Data completed. Please note that you are kindly requested to inform us without undue delay about any changes to your Personal Data;

d) right to erasure (‘right to be forgotten’), you have the right to obtain from Ferratum the erasure of your Personal Data without undue delay. Please, note there are different legal obligations based on acts which shall be fulfilled by Ferratum. This means e.g. your identification related Personal Data shall not fall within the scope of this right;

e) right to restriction of processing, you are entitled to ask Ferratum to restrict data Processing if you are contesting the accuracy of your Personal Data held by Ferratum, this until the accuracy of your Personal Data is verified;

f) right to data portability, it means youhave the right to receive your Personal Data which you have provided to us, in a structured, commonly used format and have the right to transmit those Personal Data to another controller without hindrance from us to which the Personal Data have been provided and processed based on your consent or on Contract, even when the processing is carried out automatically;

g) right to object, means that you have the right to object, on grounds relating to your particular situation, at any time to us processing your Personal Data if the Processing would be necessary for the purposes of the legitimate interests pursued by us or by a third party; you are entitled to object at any time to the Processing of your Personal Data for direct marketing, which includes profiling.

Should you believe that your rights have been violated, you have the right to lodge a complaint with:

- Ferratum Customer Support Service or

- Ferratum Data Protection Officer or;

- the Office of the Information and Data Protection Commissioner or;

- the courts should you believe that your rights have been violated.

11. Changes to our Privacy Policy

Should the Personal Data Processing practices of Ferratum change or should there be a need to amend these principles under the applicable law, case-law or guidelines issued by competent authorities, Ferratum is entitled to unilaterally amend these principles at any time. In such case, Ferratum will notify you by e-mail no later than one month prior to the amendments entering into force.

12. Enquiries and Contact

If you are not satisfied with the information regarding the data protection measures presented in this policy, or if you have any questions regarding the collection, processing and / or use of your personal data, please contact us. We will endeavour to answer your questions as soon as possible and to implement your suggestions. Please contact us by post, e-mail or telephone at:

Ferratum Bank p.l.c.

ST Business Centre 120, The Strand, Gzira, GZR 1027, MALTA

Telephone: (+356) 20927700

Fax: (+356) 20927710


Ferratum has appointed a data protection officer whom you also may contact regarding the same on the following contact details:

13. Cookies.

13.1. What are cookies?

Cookies are text files of the types described under item 13.2. below sent by the Website/Web App for the purposes under item 13.3. below and stored on the user's device (hereinafter: “Cookies”). The Website and the Web App don´t have access to other files on the user's device. The contents of the Cookies do not allow for identification of the user.

13.2. Why are Cookies used?

The Website and the Web App use Cookies to:

• Produce statistics, which are used to optimize and modify the Services in order to better adapt to the needs of users;

• Maintain the Website and Web App session;

• Optimize the tools used on the Website and the Web App (e.g. calculators).

13.3. Types of Cookies

The Website and the Web App use the following Cookies:

• Session - are temporary and remain on your device until leaving the Website/Web App or disabling the software (web browser).

• Permanent - they are stored in the user device for the time specified in the parameters of the file or until deleted manually by the user.

• External entities Cookies (third parties Cookies) / Advertisement - files from e.g. servers, companies and service providers working with the owner of the Website and the Web App. These files allow Ferratum to customize the advertisements according to the preferences and habits of their users. They also allow one to evaluate the effectiveness of advertising (e.g. to count how many people clicked on the ad and went to the Website and Web App).

13.4. Reference to other websites

The Website and the Web App may contain references to other websites which use their own privacy and cookie policies. Ferratum recommends that you familiarize yourself with each of these policies, because Ferratum does not assume any responsibility for the practices of these sites.

13.5. Disabling Cookies

You may disable Cookies in your browser configuration, however you may then be unable to use some or all, of the Services.

13.6. Cookies from Google Analytics

To optimise its internet offer, Ferratum Bank uses Google Analytics and Google Tag Manager; web analysis services of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). Google Analytics and Google Tag Manager also use ‘Cookies’: text files stored on your computer that enable us to analyse your use of the Website/Web App.

The information the cookie produces about your use of the Website (including your IP address) and Web App will be transferred to and stored on a Google server in the US. Google will use such information to analyse the use of the Website/Web App, to compile reports on website activities for Website/Web App operators and to offer further services related to the use of the Website/Web App and the internet. Moreover, Google may transfer such information to third parties if this is legally required or if such third parties process the relevant information on Google's behalf. Google shall under no circumstances link your IP address to other data it possesses.

By using this Website/Web App, you agree that the data collected about you may be processed by Google in the manner and for the purpose described above. You can prevent the storage of Cookies by configuring your browser software accordingly; however, we hereby point out that in this case you may not be able to use all functions of the Website/Web App fully. Furthermore, you can prevent the collection of the data generated by the Cookie related to your use of our Website (incl. IP address) by Google as well as the processing of these data by Google, by downloading and installing the browser plugin available via the following link:

You can find more detailed information about this here: (general information about Google Analytics and data protection).

On the Website/Web App Google Analytics are expanded with the code "gat.anonymizeIp();" in order to guarantee an anonymised collection of IP addresses (so-called IP Masking).

13.7. Cookies form Adjust

The Web App uses the Adjust usage statistics and analysis technology of adjust GmbH, Saarbrücker Str. 36, 10405 Berlin (hereinafter: "Adjust"). When you launch the Web App, Adjust collects installation and event data such as ‘app downloaded from iOS and Android mobile’ in order to help Ferratum to understand how users are interacting with the Web App and to optimize and analyse mobile ad campaigns. For such analysis, Adjust uses your anonymized (hashed) IDFA or Google Play Services ID, and your anonymized (hashed) IP- and MAC address. The hashes used are one-way hashes and it is not possible to identify you or your mobile device individually.

14. Social plugins, functions and services

14.1. Use of "Facebook" plugins

Plugins from the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025,

USA) are integrated in our Services. You can recognise the Facebook plugins from the Facebook logo or the "Like button" on our page. You can find an overview of the Facebook plugins here:

If you visit the Website or the Web App and click on the Facebook plugin, a direct connection will be established between your browser and the Facebook server. Facebook thereby receives the information that you have visited the Website or the Web App with your IP address. If you click on the Facebook "Like button" while you are logged into your Facebook account, you can link the contents of the Website pages to your Facebook profile. Thereby, Facebook can associate the visit to the Website or the Web App with your user account. As provider of the Services, Ferratum does not receive any information on the contents of the data transmitted or their use by Facebook. You can find further information about this in Facebook’s Privacy Policy at

If you do not want Facebook to be able to associate the visit to our Services with your Facebook user account, please log out of your Facebook user account.

14.2. Use of “Twitter”

Functions of the Twitter service are integrated in the Services. These functions are offered by Twitter Inc., Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "re-tweet" function, the websites visited by you are linked to your Twitter account and announced to other users. Data are thereby also transmitted to Twitter.

As provider of the Services, Ferratum does not receive any information on the contents of the data transmitted or their use by Twitter. You can find further information about this in Twitter’s Privacy Policy at

You can change your Twitter privacy settings in the account settings at

14.3. Use of “Instagram”

Functions of the Instagram service are integrated in the Services. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA (hereinafter: "Instagram"). If you are logged into your Instagram account, you can link the contents of the Website pages with your Instagram profile by clicking on the Instagram button. Thereby, Instagram can associate the visit to the Services with your user account. As provider of the Services, Ferratum does not receive any information on the contents of the data transmitted and their use by Instagram.

You can find further information about this in Instagram’s Privacy Policy:

14.4. Use of “Salesforce Live Agent”

Salesforce Live Agent (hereinafter: “Salesforce-Live”) is a chat service rendered by Inc., The Landmark at One Market, Suite 300, San Francisco, CA 94105, United States (hereinafter: “Salesforce”). Salesforce-Live Agent is utilised by Ferratum to connect its customers on the Website or the Web App with Ferratum’s customer support centre. While processing the chat session, Salesforce uses the Cookies and collects the following user’s data:

• Customer’s Full Name

• Location (from which the request comes)

• IP address

• Date, start and end time of the request

• Status of the request

• Content of the request (specific page)

• Referring Website (from which the request comes)

• Browser

• Operating system

• Language and version of the browser software

• Visitor Identification Number.

Further relevant information can be found in Salesforce privacy policy at

Last update: 31.10.2018

Follow us