Privacy Policy – Debita Website

Last updated: 19 August 2025

Version: 1.0

About this notice

This Privacy Policy explains how NEITEC Ltd, trading as "Debita" ("Debita", "we", "us", "our"), collects and uses personal data when you visit or interact with our public website for Debita (the "Website"). It applies only to the Website. It does not apply to Debita's transactional platform, investor or issuer portals, or any product environments, which are governed by separate privacy terms made available during onboarding or in‑app.

By using the Website, you acknowledge that you have read this Privacy Policy. If you do not agree, please do not use the Website.

Who we are and how to contact us

Controller: NEITEC Ltd (trading as "Debita")

Registered country: United Kingdom

Email for privacy matters and rights requests: admin@neitec

If you prefer to write to us by post, please address your letter to "Privacy Team" at the registered office of NEITEC Ltd in the United Kingdom. We will provide our full postal details on request via the email above.

UK framework that applies to this policy

We process personal data in accordance with UK data protection law, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR) for cookies and direct electronic marketing.

What this policy covers

This policy covers personal data processed when you:

  • browse the Website
  • submit Website forms or otherwise contact us
  • subscribe to Debita updates or newsletters
  • download content or register for events or webinars hosted by us
  • interact with our marketing communications sent on the basis described below
  • follow careers links on the Website (note that some recruitment information may be processed within third‑party applicant systems that have their own privacy notices)

This policy does not cover third‑party sites or services we link to. Their privacy notices apply to their processing.

Personal data we collect

Depending on how you interact with the Website, we may collect the following categories of personal data:

  • Identity and contact data: name, email address, telephone number, company, job title, country or region, and the content of messages you send us.
  • Subscription and preference data: topics of interest, preferred language, and your opt‑in or opt‑out choices with associated timestamps.
  • Usage and technical data: IP address (which may be truncated or masked where configured), device and browser type, operating system, pages viewed, time and date of visits, referring and exit URLs, general geolocation at country or region level, and clickstream data.
  • Cookies and similar technologies: information collected via cookies, tags and pixels. Details and controls are set out in our Cookie Notice and consent tools.
  • Event and content‑download data: details you provide to sign up for Debita events or to access materials, such as name, company, role and email address.
  • Careers data: CV or résumé information, cover letters, work history, education, professional references and any information you choose to include if you apply for roles through links on our Website.
  • Business‑development data: publicly available professional information used for business‑to‑business outreach to organisations that may be interested in Debita.
  • Communications data: records of correspondence with you and our responses, including media or partnership enquiries.

We do not intentionally collect special category data (for example, health, biometric or precise geolocation) through the Website. Please do not include such data in Website forms.

Sources of personal data

  • Directly from you when you complete forms, subscribe, register for events or contact us.
  • Automatically from your device and browser when you access the Website.
  • From third parties acting on our behalf, such as analytics, email delivery, events and recruitment providers, and from publicly available professional sources.

Purposes and lawful bases for processing

We process personal data for the purposes below under the lawful bases recognised by UK GDPR:

  • Operating, maintaining and securing the Website, diagnosing and fixing issues, and preventing fraud or abuse (legitimate interests).
  • Responding to your enquiries, scheduling meetings and communicating with you at your request (contract, or legitimate interests where no contract is formed).
  • Managing subscriptions and sending newsletters, updates and invitations. Where PECR requires consent for email marketing, we rely on your consent; for business‑to‑business communications to corporate subscribers permitted under PECR, we rely on legitimate interests. You can opt out at any time.
  • Planning and administering events and webinars you register for, and sending related information (contract or legitimate interests).
  • Measuring and improving Website performance and understanding audience engagement. We rely on consent for non‑essential cookies and analytics; where only strictly necessary or aggregated statistics are used, we rely on legitimate interests.
  • Processing job applications and managing recruitment (steps prior to entering into a contract, contract and legal obligations).
  • Complying with legal obligations, responding to lawful requests and protecting our rights and users (legal obligation and/or legitimate interests).

Cookies and similar technologies

We use cookies and similar technologies to make the Website work, remember preferences, measure performance and, where permitted, tailor content. Non‑essential cookies and similar technologies will only be used with your consent, which you can give, refuse or withdraw at any time via the cookie banner or settings tool available on the Website. For details of the cookies we use and how long they persist, please see our Cookie Notice and settings tool on the Website.

Sharing and disclosure of personal data

We may share personal data with the following recipients, in each case only for the purposes described above and subject to appropriate safeguards and contracts:

  • Service providers processing data on our behalf, such as hosting and infrastructure, Website and security providers, analytics, email delivery, customer relationship management, event platforms, recruitment platforms and cookie consent tools.
  • Professional advisers, such as auditors and law firms, under duties of confidentiality.
  • Affiliates within our corporate group involved in operating the Website or responding to your requests.
  • Event partners when you sign up for co‑hosted events and we inform you of such sharing at the point of registration.
  • Law enforcement, regulators and courts, where required by law or to protect our rights, users or the public.
  • A purchaser or relevant party in connection with a business transaction such as a merger, acquisition or restructuring, subject to confidentiality.

We do not sell personal data. If in future we engage in activities that constitute "sharing" for cross‑context behavioural advertising under any applicable UK guidance, we will provide a clear opt‑out mechanism.

International transfers

Where we transfer personal data outside the UK, we will ensure an appropriate safeguard is in place as required by UK GDPR. This may include the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses together with the UK addendum, plus supplementary measures where appropriate. You can contact us to request more information about relevant safeguards (we may redact commercially sensitive details).

Data retention

We keep personal data no longer than is necessary for the purposes described in this policy, including to comply with legal, accounting and reporting obligations and to establish or defend legal claims. As a guide:

  • general enquiries and correspondence are typically kept for up to 24 months after our last interaction
  • marketing subscriptions are kept until you unsubscribe, and we keep suppression records to honour your opt‑out
  • analytics and cookie information are retained in accordance with our Cookie Notice and the settings in our consent tool
  • event records are typically kept for up to 24 months after the event
  • recruitment data are typically kept for up to 12 months after a process ends unless a longer period is required by law or you consent to talent‑pool retention

When data are no longer needed, we will delete them or irreversibly anonymise them.

Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure or destruction. No method of transmission or storage is completely secure. You use the Website at your own risk.

Your rights under UK data protection law

Subject to legal conditions and exemptions, you have the following rights:

  • right of access to your personal data and to receive a copy
  • right to rectification of inaccurate or incomplete data
  • right to erasure of personal data in certain circumstances
  • right to restrict processing in certain circumstances
  • right to data portability in certain circumstances
  • right to object to processing based on our legitimate interests, including the right to object at any time to direct marketing
  • right to withdraw consent at any time where we rely on consent (this does not affect the lawfulness of processing before withdrawal)

To exercise your rights, email admin@neitec. We may need to verify your identity and the scope of your request. We aim to respond within one month, or within the timeframe required by law.

You also have the right to lodge a complaint with the UK Information Commissioner's Office. Contact details: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, www.ico.org.uk. We would appreciate the opportunity to address your concerns first.

Children's privacy

The Website is not directed to children and we do not knowingly collect personal data from individuals under 16 years of age. If you believe a child has provided personal data via the Website, please contact us so we can take appropriate action.

Third‑party links and services

The Website may include links to third‑party websites, plug‑ins or services. We are not responsible for their privacy practices and encourage you to review their privacy notices.

Do Not Track

Some browsers offer a "Do Not Track" signal. There is no industry consensus on how to respond. We do not currently respond to such signals. You can manage non‑essential cookies through our consent tools at any time.

Automated decision‑making and profiling

Your use of the Website does not involve decisions based solely on automated processing that produce legal or similarly significant effects. We may use automated tools to route enquiries or to perform aggregated analytics; you can always contact us for human review.

Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date above indicates when the latest version took effect. If we make material changes, we will notify you via the Website or by other reasonable means.

How to contact us

For any questions about this policy or to exercise your rights, please email admin@neitec. If you prefer to write, please address your letter to "Privacy Team" at NEITEC Ltd's registered office in the United Kingdom. We will provide our full postal details on request by email.

Annex: Summary of data categories and purposes

  • Identity and contact data: to respond to your enquiries, manage event registrations and subscriptions, and provide information you request.
  • Subscription and preference data: to send communications you have opted into and to respect your choices.
  • Usage and technical data: to operate, secure and improve the Website and to understand engagement (with consent for non‑essential analytics).
  • Cookies and similar technologies: to remember preferences, measure performance and, where permitted, tailor content; controls are provided via our consent tools.
  • Event data: to organise and administer events or webinars you register for.
  • Careers data: to evaluate your candidacy and manage recruitment processes where you apply for roles through links on the Website.
  • Business‑development data: to conduct permitted business‑to‑business outreach to organisations that may be interested in Debita, in line with UK law.