Debite FS Limited
Last updated – [September 19, 2023]
1. Data controller
Debite is the data controller with respect to your personal data we process via our website www.debite.io and our mobile applications (“Platform”). You can find our contact details below:
Debite FS Limited
Address: 2 Medius House, 2 Sheraton Street, London, England, W1F 8BH
E-mail: [email protected]
DPO: Tayga Baltacioglu
2. Categories of data subjects and categories of personal data
Debite provides business financing solutions to corporations. If you are authorized personnel or a shareholder of our customer, we process your personal data below in order to be able to provide our services:
- Name, surname
- E-mail address
- Debite card information
- Financial credibility (exceptional cases, if you are a shareholder) and decisions or review of your loan application provided to us by third parties
If you use the platform for Account Information Services (AIS), which is a regulated activity by the FCA, we provide you with the following information:
If you contact us over the Platform, we process your personal data below in order to be able to answer your queries or requests or for marketing purposes:
- Name, surname
- E-mail address
- Phone number
If you visit the Platform, we process your personal data below in order to be able to track your visit:
- IP address
- Cookie records
3. Purposes of the processing
If you are authorized personnel or a shareholder of our customer, we process your personal data:
- to inform you about our services and solutions we provide
- to carry out a risk assessment and credit checks with respect to financial credibility of the corporation through Credit Reference Agencies or Fraud Prevention Agencies (“CRA”) in order to be able to provide our services and solutions
- to undertake checks against PEP (Politically Exposed Persons) Sanctions and AML (Anti Money Laundering) databases;
- to issue your Debite card
- to issue invoices for our services and solutions
based on the legal grounds that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract and that the processing is necessary for the purposes of our legitimate interests, being ensuring the financial credibility.
If you contact us over the Platform, we process your personal data:
- to answer your queries and requests
- for marketing purposes
based on your consent for the specific purpose and based on the legal ground that
the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.
If you visit the Platform, we process your personal data:
- to fulfill our information security obligations
- to maintain functionality of the Platform
- to analyze your personal preferences and your use of our Platform
based on the legal grounds that the processing is necessary for the performance of a task carried out in the public interest, being ensuring the information security and that the processing is necessary for the purposes of our legitimate interests, being maintaining the functionality of the platform; and based on your consent for analysis and targeted advertisement.
Debite FS LTD is an agent of Plaid Financial Ltd., an authorised payment institution regulated by the Financial Conduct Authority under the Payment Services Regulations 2017 (Firm Registration Number: 804718). Plaid provides you with regulated account information services through Debite FS LTD as its agent.
4. How do we collect your personal data?
We mostly collect your personal data directly from you through data collection forms over the Platform if you use our services or contact us. We also automatically collect your data as you access and use our Platform.
We may also obtain information about you from third party CRAs, especially for risk assessment purposes.
5. Third parties whom the personal data is shared with
We may share your personal data with public authorities and institutions if we are required by laws, regulations or other legal obligations to do so. We also share your personal data with our business partners within the context of the above purposes and legal grounds, in order to be able to provide our services over the Platform.
- Modulr Finance is an electronic payment institution and our business partner for providing business financing solutions to our customers. By using our Platform, you enter into contract also directly with Modulr Finance, and thus you share your account information with Modulr Finance via our Platform. Please also check privacy policies of Modulr Finance in order to learn how they collect and process your personal data.
- In order to process your application we may supply your personal information to credit reference agencies (CRAs) such as Transunion and Creditsafe, and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. You can find out more about the identities of the CRAs, and the ways in which they use and share personal information, on our Privacy page.
- The personal information we have collected from you and anyone you have a financial link with may be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found on our Privacy page.
- Hubspot is our customer relations management business partner providing relevant IT infrastructure and e-mailing services. We store your account information on Hubspot servers. Please also check privacy policies of Hubspot.
6. Transfers to third countries or international organizations
Your personal data may be transferred to and stored on servers located outside the European Economic Area and UK, especially through our business partners in certain cases. Certain countries have been approved as providing an adequate protection and therefore no additional safeguards are required with respect to transfers to these countries. For countries which have not been approved as providing an adequate protection, international transfers are carried out through providing suitable safeguards within the framework of Standard Contractual Clauses or GDPR Article 49(1) derogations.
7. CRAs and Profiling
In order to process your application and to provide you financing solutions, we will perform credit and identity checks on you with our CRA business partners at the time of your application and periodically throughout our relationship. In this respect, we will share your personal information to CRAs, including your name, your company, your contact information and other information you provide as part of your application.
The CRAs will match this information to the records they hold about you, and provide in return, both public information (including the electoral register) and shared credit information in relation to your financial situation and financial history.
We will use this information to:
- Assess your creditworthiness;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, e.g., fraud and money laundering;
- Manage your account; and
- Trace and recover any debts.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full or on time, CRAs will record the outstanding debt. This information may be supplied to other organizations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. When you are making an application on behalf of an entity, your records will be linked together. Such links will remain on your files until you successfully apply to the CRAs for a disassociation to break the link.
Our financial risk assessment process carried out through CRAs is a partially automated data processing process. An assessment about our customers is produced through an automated profiling process by CRAs but such assessment is reviewed by our authorized personnel. All factors are taken into account in making the final decision, it is not based solely on automated processing.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail here:
- Transunion: https://www.transunion.co.uk/legal/privacy-centre
8. Retention periods and erasure
We will keep your personal data during the period of your contractual relationship with us, extended by the applicable limitation periods.
In cases where we process personal data in accordance with our legal obligations, we will keep your personal data for the duration of such obligation.
On the expiry of the applicable data retention period, we will erase or irrevocably anonymize your personal data.
9. Technical and organizational security measures
We give reasonable care to protect your personal data from unauthorized access, use, and disclosure using appropriate physical, technical, organizational, and administrative security measures.
10. Your rights
You can use your below rights by contacting us:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Consent for Withdrawal
We provide you a way for you to withdraw your information being processed for individuals within the European Economic Area (EEA) and the United Kingdom.
Contact us at [email protected] to initiate the steps required. We will verify your information prior to processing and proceed with the steps necessary within the applicable laws and regulations.
If you are not a resident of the EEA or the State of California but wish to no longer be subscribed to emails or direct mail campaigns, please reach out to our support team at [email protected]
Complaint Process with Supervisory Authority
If you are dissatisfied with our handling of a complaint or do not agree with the resolution proposed by us, you can contact the UK Information Commissioner’s Office (“ICO”) at https://ico.org.uk/make-a-complaint/. Alternatively, you may request that we pass on the details of your complaint to the ICO directly.