Legally secure contracts

Secure legal framework for market participants

The trading of financial products is governed by many regulatory requirements. On seller and investor side several topics like banking law, banking secrecy, GDPR and KYC have to be considered. Debitos has evaluated all these topics in building up the platform and having exchanged part of the legal details with the German Banking Supervision (BaFin) to create a secure legal framework for the market participants to execute transactions.

Lastly the Bundesanstalt für Finanzdiensleistungsaufsicht (BaFin) (Federal Financial Supervisory Authority) ensures compliance with the Kreditwesengesetzes (KWG) (German Banking Act). There are also regulations which have a strong influence on the sale of receivables. During the development of the Secondary Debt Market, Debitos has considered all regulations.


Your data is encrypted

At Debitos we move in a sensitive data environment and consequently we attach particular importance to ensuring that your data is not exposable to third parties. One way of ensuring data integrity is SSL encryption.

SSL stands for Secure Sockets Layer and is a method of sending data between sender and recipient with 256 bit encryption. That means the transmitting computer encrypts the data and sends it to the recipient, who is the only person who can decrypt and read it. Since we place the greatest importance on the security of our customer data, we have selected the market leader GeoTrust for the encryption of data.

This is how our SSL encryption works

  1. Your computer (client) connects with a computer in the internet (server).
  2. The server sends a certificate back. Your computer verifies the authenticity of the certificate with a trust centre.
  3. A session key is generated and all data exchanged with the server is transmitted in encrypted form.

Secure computer centre

KWG compliant computer centre

At Debitos we move in a sensitive data environment and consequently we attach particular importance to storing your data in a secure computer centre. We have thus selected a KWG (German Banking Act) compliant computer centre for you. “KWG compliant” signifies that it fulfils the high requirements of German Banking Law and consequently it is appropriate for storing customer data of banks.

These requirements include, for example, strict access controls; safeguarding against failure through different electricity suppliers; fire safety measures; and backup computers etc.

Although Debitos is not a bank, we have voluntarily taken on this responsibility and sited our entire website operation in the Microsoft Azure data center.


Complies with the requirements of the KWG

The Microsoft Azure data center fulfils the requirements of §25a of the KWG in terms of data processing.


Access control

Strict rules govern access to the Microsoft Azure data center. Only selected employees may allowed access to the secure area for maintenance work.


Backup computer

All data is saved twice, so that in the case of a server outage the data is also saved on a second server.

Double-secure Data protection

Protection of your data is important for us

The internet and its constant flow of information open up new opportunities, but also new risks. Debitos has therefore already attached particular importance in the development of our platform to observing all areas of data protection law.

The Federal Data Protection Act contains strict regulations relating to the processing of personal data. We have developed procedures with our data protection officer for Debitos which take these regulations into account. Furthermore we have voluntarily made the decision to operate our Secondary Debt Market of Debitos in a computer centre which fulfils the high security requirements of a bank.


The Federal Data Protection Act & General Data Protection Regulation

The Federal Data Protection Act (BDSG) and General Data Protection Regulation (GDPR) regulate the processing of personal data.


Data protection authorities

The data protection authorities monitor compliance with the BDSG and GDPR.


Data Protection Officer

Our data protection officer is an independent person accessible to all Debitos users.
The contact details of the data protection officer are:

2B Advice GmbH
– Oliver Schürings –
Joseph-Schumpeter-Allee 25
53227 Bonn


Telefon:+49-228-92 61 65 120