Debite FS Limited

Privacy Policy

Last updated – [March 14, 2024]

Debite FS Limited ("Debite", "we", "us", "our") gives utmost importance to your privacy and the protection of your personal data. We prepared this Privacy Policy to inform you on which personal data we collect, how and why we process personal data and how can you practice your rights pertaining to your personal data.

1. Data controller

Debite is the data controller with respect to your personal data we process via our website www.debite.io and our mobile applications (“Platform”). You can find our contact details below:

Debite FS Limited
Address: 2 Medius House, 2 Sheraton Street, London, England, W1F 8BH
E-mail: [email protected]
DPO: Tayga Baltacioglu

2. Categories of data subjects and categories of personal data

Debite provides business financing solutions to corporations. If you are authorized personnel or a shareholder of our customer, we process your personal data below in order to be able to provide our services:

  • Name, surname
  • E-mail address
  • Country
  • Role/position
  • Debite card information
  • Financial credibility (exceptional cases, if you are a shareholder) and decisions or review of your loan application provided to us by third parties
  • Know-your-customer or anti-money laundering related documents, information and data
  • Your user and customer data
  • The sales and invoicing information and data related to the services or goods you are providing to your users or customers

If you use the platform for Account Information Services (AIS), which is a regulated activity by the FCA, we provide you with the following information:

  • Bank account information
  • Bank account balance
  • Bank account transactions

If you contact us over the Platform, we process your personal data below in order to be able to answer your queries or requests or for marketing purposes:

  • Name, surname
  • E-mail address
  • Phone number

If you visit the Platform, we process your personal data below in order to be able to track your visit:

  • IP address
  • Cookie records

3. Purposes of the processing

If you are authorized personnel or a shareholder of our customer, we process your personal data:

  • to inform you about our services and solutions we provide
  • to carry out a risk assessment and credit checks with respect to financial credibility of the corporation through Credit Reference Agencies or Fraud Prevention Agencies (“CRA”) in order to be able to provide our services and solutions
  • to undertake checks against PEP (Politically Exposed Persons) Sanctions and AML (Anti Money Laundering) databases
  • to issue your Debite card
  • to allow you to use services including services of business partners including Modulr Finance, Transunion and Creditsafe, Hubspot, Sprinque, Iwoca and Aria
  • to issue invoices for our services and solutions

based on the legal grounds that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract and that the processing is necessary for the purposes of our legitimate interests, being ensuring the financial credibility.

If you contact us over the Platform, we process your personal data:

  • to answer your queries and requests
  • for marketing purposes based on your consent for the specific purpose and based on the legal ground that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.

If you visit the Platform, we process your personal data:

  • to fulfill our information security obligations
  • to maintain functionality of the Platform
  • to analyze your personal preferences and your use of our Platform based on the legal grounds that the processing is necessary for the performance of a task carried out in the public interest, being ensuring the information security and that the processing is necessary for the purposes of our legitimate interests, being maintaining the functionality of the platform; and based on your consent for analysis and targeted advertisement.

Debite FS LTD is an agent of Plaid Financial Ltd., an authorised payment institution regulated by the Financial Conduct Authority under the Payment Services Regulations 2017 (Firm Registration Number: 804718). Plaid provides you with regulated account information services through Debite FS LTD as its agent.

4. How do we collect your personal data?

We mostly collect your personal data directly from you through data collection forms over the Platform if you use our services or contact us. We also automatically collect your data as you access and use our Platform.

We use cookies and other technologies that collects your personal data on our Platform. Browsers often automatically permit the use of cookies. You can change your browser settings to manage the use of cookies. You can disable and delete cookies that are not necessary and change your cookie preferences. Your visits to and use of our Platform will not be hindered if you change your cookie settings and disable optional cookies, however, you may not be able to fully enjoy certain functionalities of the Platform. Please see our Debite Cookie Policy in order to learn the details about the cookies we use and check the instructions and help functions of your browser in order to find the details on how to manage your cookie settings.

We may also obtain information about you from third party CRAs, especially for risk assessment purposes.

5. Third parties whom the personal data is shared with

We may share your personal data with public authorities and institutions if we are required by laws, regulations or other legal obligations to do so. We also share your personal data with our business partners within the context of the above purposes and legal grounds, in order to be able to provide our services over the Platform.

  • Modulr Finance is an electronic payment institution and our business partner for providing business financing solutions to our customers. By using our Platform, you enter into contract also directly with Modulr Finance, and thus you share your account information with Modulr Finance via our Platform. Please also check privacy policies of Modulr Finance in order to learn how they collect and process your personal data.

  • In order to process your application we may supply your personal information to credit reference agencies (CRAs) such as Transunion and Creditsafe, and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. You can find out more about the identities of the CRAs, and the ways in which they use and share personal information, on our Privacy page.

  • The personal information we have collected from you and anyone you have a financial link with may be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found on our Privacy page.

  • Hubspot is our customer relations management business partner providing relevant IT infrastructure and e-mailing services. We store your account information on Hubspot servers. Please also check privacy policies of Hubspot.

  • Sprinque is a service provider who provides pay by invoice services and our business partner for providing pay by invoice services to our customers and our customers’ users and buyers. By using our Platform for the related services, you enter into contract also directly with Sprinque, and thus you share your account information, know-your-customer data, user and customer information and invoice information with Sprinque via our Platform. We can also share this information with Sprinque, as well as any related information we have for provision of and control of these services. Please also check privacy policies of Sprinque in order to learn how they collect and process your personal data.

  • iwoca is a credit service provider who offers flexi-loans to our customers. By using our Platform for the related services, you will be sharing your personal information (such as first name, last name, roles (e.g director, shareholder), email(s), phone number(s), date of birth, residential address, business information (company name, company number, company type, date the company has been trading from, last 12 months turnover, shareholders, directors, etc.), account information. We share this information with iwoca, as well as any related information we have for provision of and control of these services.  Please also check the privacy policy of iwoca in order to learn how they collect and process your personal data.

  • Aria offers an API-based invoice financing solution distributed in particular via B-to-B marketplaces and ERPs. By using our Platform using Aria services, you are making contract (Aria Framework Agreement) also directly with Aria, and thus you share your account information, know-your-customer data, user and customer information and invoice information with Aria via our Platform. We can also share this information with Aria, as well as any related information we have for provision of and control of these services. Please also check privacy policies of Aria to learn how they collect and process your personal data.

You understand and confirm that you shall inform related data subjects (such as your users or customers) of the related data processing and transfer activities and warrant that you have the necessary rights and approvals to share the data for our processing and sharing to the third parties.

6. Transfers to third countries or international organizations

Your personal data may be transferred to and stored on servers located outside the European Economic Area and UK, especially through our business partners in certain cases. Certain countries have been approved as providing an adequate protection and therefore no additional safeguards are required with respect to transfers to these countries. For countries which have not been approved as providing an adequate protection, international transfers are carried out through providing suitable safeguards within the framework of Standard Contractual Clauses or GDPR Article 49(1) derogations.

7. CRAs and Profiling

In order to process your application and to provide you financing solutions or to provide you services, we will perform credit and identity checks on you with our CRA business partners at the time of your application and periodically throughout our relationship. In this respect, we will share your personal information to CRAs, including your name, your company, your contact information and other information you provide as part of your application.

The CRAs will match this information to the records they hold about you, and provide in return, both public information (including the electoral register) and shared credit information in relation to your financial situation and financial history.

We will use this information to:

  • Assess your creditworthiness;

  • Verify the accuracy of the data you have provided to us;

  • Prevent criminal activity, e.g., fraud and money laundering;

  • Manage your account; and

  • Trace and recover any debts.

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full or on time, CRAs will record the outstanding debt. This information may be supplied to other organizations by CRAs.

When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. When you are making an application on behalf of an entity, your records will be linked together. Such links will remain on your files until you successfully apply to the CRAs for a disassociation to break the link.

Our financial risk assessment process carried out through CRAs is a partially automated data processing process. An assessment about our customers is produced through an automated profiling process by CRAs but such assessment is reviewed by our authorized personnel. All factors are taken into account in making the final decision, it is not based solely on automated processing.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail here:

  • Transunion: https://www.transunion.co.uk/legal/privacy-centre

We can also share any related data, information or documents related to CRAs, anti money laundering or know-your-customer processes with our business partners; and they can also conduct checks and share data.

8. Retention periods and erasure

We will keep your personal data during the period of your contractual relationship with us, extended by the applicable limitation periods.

In cases where we process personal data in accordance with our legal obligations, we will keep your personal data for the duration of such obligation.

On the expiry of the applicable data retention period, we will erase or irrevocably anonymize your personal data.

9. Technical and organizational security measures

We give reasonable care to protect your personal data from unauthorized access, use, and disclosure using appropriate physical, technical, organizational, and administrative security measures.

10. Your rights

You can use your below rights by contacting us:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

Consent for Withdrawal

We provide you a way for you to withdraw your information being processed for individuals within the European Economic Area (EEA) and the United Kingdom.

Contact us at [email protected] to initiate the steps required. We will verify your information prior to processing and proceed with the steps necessary within the applicable laws and regulations.

If you are not a resident of the EEA or the State of California but wish to no longer be subscribed to emails or direct mail campaigns, please reach out to our support team at [email protected]

Complaint Process with Supervisory Authority

If you are dissatisfied with our handling of a complaint or do not agree with the resolution proposed by us, you can contact the UK Information Commissioner’s Office (“ICO”) at https://ico.org.uk/make-a-complaint/. Alternatively, you may request that we pass on the details of your complaint to the ICO directly.

11. Changes

We may change this Privacy Policy at any time. The latest version of the Privacy Policy will be published on the Platform in case of any changes. You are responsible of periodically checking the latest version on the Platform.

One dynamic platform, all your financing needs