Frequently Asked Questions
Q: Does Debt.com do business with people in the EU?
A: No, and has no intention of doing so.
Q: What is the current status of Debt.com’s GDPR compliance?
A: Debt.com intends and expects to comply with GDPR, as applicable, by its effective date on 25 May 2018, including having a legal basis under Article 6 GDPR for processing any personal data.
Q: How does Debt.com Software as Service products process personal data?
A: Minimally, if at all. Debt.com offers daily expert advice about money – how to make it, how to save it, and how to spend it. We even tell you how to go into debt the right way.
Q: Is sensitive data stored within Debt.com tools?
A: Debt.com does not currently believe that it processes, let alone seeks or expects that it will seek to process, any personal data that is subject to Article 9 GDPR, “Processing of special categories of personal data,” which, in reference to GDPR, is generally referred to as “sensitive personal data.”
Q: Are you a data processor, as you store and organize data from other sources?
A: Debt.com currently does not believe it is a data processor for a data controller, necessitating that it enter into customary and compliant data processing agreements with data controllers. However, should that change, in order to comply with GDPR, Debt.com believes that both Debt.com as a data processor and the data controller will need to enter into a compliant data processor agreement.
Q: Is Debt.com able or will Debt.com be able to respond to data subject requests under GDPR?
Q: In particular, if I am a data subject and Debt.com is a data controller to my personal data, can Debt.com comply with my request “to be forgotten”?
A: Yes. However, a data subject should understand the consequences of such a request.
For example, with respect to any personal data that provides the necessary contact details in order to administer a subscription for a subscriber that is an organization, Debt.com will need to replace the contact information within its system in order to manage the subscriber’s subscription and account.
For any subscribers who are individuals, complying with a request to be forgotten will, of course, cause a permanent termination of the subscriber’s account and subscription.
If you are a data subject and have requests of Debt.com under GDPR related to your individual rights in your personal data, including a “request to be forgotten/for erasure,” “rectification,” etc., please email firstname.lastname@example.org. Debt.com will promptly review your request and respond to you.
Q: Which personal data does your company collect?
A: Most of the personal data that Debt.com collects occurs in the user or subscriber account creation process, administration process, as well as the customer care and success processes. That typical data consists of a user or subscribers contact email address; state of residence, name and contact phone number.
Debt.com does not collect or process any sensitive personal data.
Debt.com’s efforts to identify all existing and any new sources of personal data collection are ongoing toward being compliant with GDPR by 25 May 2018.
Q: Where is the headquarters of your company?
A: Debt.com LLC is headquartered at
5769 W. Sunrise Blvd.
Plantation, FL 33313
Q: Are you offering data storage and all processing for your EU customers to take place within the EU?
A: As Debt.com is headquartered in the United States and is not “established” anywhere in the EU, it does not see any advantage in hosting personal data in the EU, since Debt.com will have no personnel in the EU to process any of the personal data in order to perform its obligations to its subscribers.
Q: Are you willing to sign the mandatory data processing agreement?
A: As answered in Question 4 (above), Debt.com currently does not believe it is a data processor for a data controller, necessitating that it enter into customary and compliant data processing agreements with data controllers. However, should that change, in order to comply with GDPR, Debt.com believes that both Debt.com as a data processor and the data controller will need to enter into a compliant data processor agreement.