Debite FS Limited Privacy Policy

Last updated – [March 16, 2022]

Debite FS Limited (“Debite”, “we”, “us”, “our”) gives utmost importance to your privacy and the protection of your personal data. We prepared this Privacy Policy to inform you on which personal data we collect, how and why we process personal data and how can you practice your rights pertaining to your personal data.

1- Data controller

Debite is the data controller with respect to your personal data we process via our website www.debite.io and our mobile applications (“Platform”). You can find our contact details below:

Debite FS Limited
Address: 20-22 Wenlock Road, London, England, N1 7GU
E-mail: support@debite.io
DPO: Tayga Baltacioglu

2- Categories of data subjects and categories of personal data

Debite provides business financing solutions to corporations. If you are authorized personnel or a shareholder of our customer, we process your personal data below in order to be able to provide our services:
- Name, surname
- E-mail address
- CountryRole/position
- Debite debit card information
- Financial credibility (exceptional cases, if you are a shareholder) and decisions or review of your loan application provided to us by third parties

If you contact us over the Platform, we process your personal data below in order to be able to answer your queries or requests or for marketing purposes:
- Name, surname
- E-mail address
- Phone number

If you visit the Platform, we process your personal data below in order to be able to track your visit:
- IP address
- Cookie records

3- Purposes of the processing

If you are authorized personnel or a shareholder of our customer, we process your personal data:
- to inform you about our services and solutions we provide
- to carry out a risk assessment and credit checks with respect to financial credibility of the corporation through Credit Reference Agencies or Fraud Prevention Agencies (“CRA”) in order to be able to provide our services and solutions
- to undertake checks against PEP (Politically Exposed Persons) Sanctions and AML (Anti Money Laundering) databases;
- to issue your Debite card
- to issue invoices for our services and solutions
based on the legal grounds that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract and that the processing is necessary for the purposes of our legitimate interests, being ensuring the financial credibility.

If you contact us over the Platform, we process your personal data:
- to answer your queries and requests
- for marketing purposes
based on your consent for the specific purpose and based on the legal ground thatthe processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.

If you visit the Platform, we process your personal data:
- to fulfill our information security obligations
- to maintain functionality of the Platform
- to analyze your personal preferences and your use of our Platform
based on the legal grounds that the processing is necessary for the performance of a task carried out in the public interest, being ensuring the information security and that the processing is necessary for the purposes of our legitimate interests, being maintaining the functionality of the platform; and based on your consent for analysis and targeted advertisement.

4- How do we collect your personal data?

We mostly collect your personal data directly from you through data collection forms over the Platform if you use our services or contact us. We also automatically collect your data as you access and use our Platform.

We use cookies and other technologies that collects your personal data on our Platform. Browsers often automatically permit the use of cookies. You can change your browser settings to manage the use of cookies. You can disable and delete cookies that are not necessary and change your cookie preferences. Your visits to and use of our Platform will not be hindered if you change your cookie settings and disable optional cookies, however, you may not be able to fully enjoy certain functionalities of the Platform. Please see our Debite Cookie Policy in order to learn the details about the cookies we use and check the instructions and help functions of your browser in order to find the details on how to manage your cookie settings. 

We may also obtain information about you from third party CRAs, especially for risk assessment purposes.

5- Third parties whom the personal data is shared with

We may share your personal data with public authorities and institutions if we are required by laws, regulations or other legal obligations to do so. We also share your personal data with our business partners within the context of the above purposes and legal grounds, in order to be able to provide our services over the Platform.

- Modulr Finance is an electronic payment institution and our business partner for providing business financing solutions to our customers. By using our Platform, you enter into contract also directly with Modulr Finance, and thus you share your account information with Modulr Finance via our Platform. Please also check privacy policies of Modulr Finance in order to learn how they collect and process your personal data.

- In order to process your application we may supply your personal information to credit reference agencies (CRAs) such as Transunion and Creditsafe, and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. You can find out more about the identities of the CRAs, and the ways in which they use and share personal information, on our Privacy page.

- The personal information we have collected from you and anyone you have a financial link with may be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found on our Privacy page.

- Hubspot is our customer relations management business partner providing relevant IT infrastructure and e-mailing services. We store your account information on Hubspot servers. Please also check privacy policies of Hubspot.

6- Transfers to third countries or international organizations

Your personal data may be transferred to and stored on servers located outside the European Economic Area and UK, especially through our business partners in certain cases. Certain countries have been approved as providing an adequate protection and therefore no additional safeguards are required with respect to transfers to these countries. For countries which have not been approved as providing an adequate protection, international transfers are carried out through providing suitable safeguards within the framework of Standard Contractual Clauses or GDPR Article 49(1) derogations.

7- CRAs and Profiling

In order to process your application and to provide you financing solutions, we will perform credit and identity checks on you with our CRA business partners at the time of your application and periodically throughout our relationship. In this respect, we will share your personal information to CRAs, including your name, your company, your contact information and other information you provide as part of your application.

The CRAs will match this information to the records they hold about you, and provide in return, both public information (including the electoral register) and shared credit information in relation to your financial situation and financial history.

We will use this information to:
- Assess your creditworthiness;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, e.g., fraud and money laundering;
- Manage your account; and
- Trace and recover any debts.

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full or on time, CRAs will record the outstanding debt. This information may be supplied to other organizations by CRAs.

When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. When you are making an application on behalf of an entity, your records will be linked together. Such links will remain on your files until you successfully apply to the CRAs for a disassociation to break the link.

Our financial risk assessment process carried out through CRAs is a partially automated data processing process. An assessment about our customers is produced through an automated profiling process by CRAs but such assessment is reviewed by our authorized personnel. All factors are taken into account in making the final decision, it is not based solely on automated processing.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail here:

- Transunion: https://www.transunion.co.uk/legal/privacy-centre

8- Retention periods and erasure

We will keep your personal data during the period of your contractual relationship with us, extended by the applicable limitation periods.

In cases where we process personal data in accordance with our legal obligations, we will keep your personal data for the duration of such obligation.

On the expiry of the applicable data retention period, we will erase or irrevocably anonymize your personal data.

9- Technical and organizational security measures

We give reasonable care to protect your personal data from unauthorized access, use, and disclosure using appropriate physical, technical, organizational, and administrative security measures.

10- Your rights

You can use your below rights by contacting us:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.

11- Changes

We may change this Privacy Policy at any time. The latest version of the Privacy Policy will be published on the Platform in case of any changes. You are responsible of periodically checking the latest version on the Platform.