GDPR Data Subject Rights

In accordance with the General Data Protection Regulation (GDPR), individuals located in the European Union have the right to request the deletion of their Personally Identifiable Information (PII) from all processing systems.

As Monite operates as a backend financial infrastructure provider, we do not maintain direct relationships with end users (such as merchants or consumers). Therefore, it is not Monite’s practice to receive Data Subject Rights (DSR) requests directly from individuals. Instead, these requests must be submitted by our partners — the financial institutions or platforms that maintain the direct relationship with data subjects.

Monite is fully committed to supporting GDPR compliance and works closely with partners to ensure timely and secure handling of all DSR requests.

How to submit a DSR request

Partners can submit a DSR request to Monite via our dedicated GDPR communication channel:

📩 gdprdsr@monite.com

Monite reserves the right to request reasonable evidence to verify the authenticity and scope of any Data Subject Request (DSR) submitted by a partner, in order to safeguard the security and integrity of the data deletion process.

Upon receiving a request:

  • A support ticket will be automatically created in Monite’s internal system.
  • A confirmation email with a link to the ticket will be sent to the originating partner for traceability and follow-up.

The legal obligation to delete personal data (PII) takes effect from the moment the request is submitted. Therefore, partners must notify Monite as early as possible to ensure timely and efficient processing of the request.

What Monite will do

Once a valid deletion request is received from a partner:

  • Monite will ensure that the request is duly authorized by the partner and contains sufficient information to accurately identify the data subject.
  • Monite will delete all PII associated with the identified individual or entity within 30 calendar days, in accordance with GDPR requirements.
  • The partner will be notified upon successful completion of the deletion process.

Important responsibilities and limitations

Monite’s role is comparable to that of cloud infrastructure providers (e.g., AWS). As such:

  • We do not determine the nature, classification, or retention of data — our partners serve as the data controllers and are responsible for these decisions.
  • It is the partner’s responsibility to retain any data necessary for legal, tax, or audit purposes. Monite does not assess or enforce such requirements.
  • Monite acts solely on the instructions of its partners regarding data processing and deletion.
  • Personal data contained in backup systems will be deleted in line with Monite’s standard backup retention and deletion schedule, and will not be restored or otherwise processed after deletion.

Questions?

For further information or clarification, partners may reach out via
gdprdsr@monite.com.