PRIVACY POLICY

This policy defines how Davis & Morgan S.p.A., P.IVA 05838660966, with registered office in Piazzetta Bossi 1, 20121, Milan (MI) and all its operators, such as employees, collaborators and consultants (hereinafter “Davis & Morgan” or “Data Controller”) collects and processes personal data that may be acquired through websites referring to the domain www.dasset.it and the applications referable to “Dasset” (hereinafter, the “Platforms”), including through the access, by users (“Users” or “Interested Parties”), to their personal account or through the use of “cookies”, processing them in compliance with the principles of protection of personal data as established with the entry into force of the EU Regulation 679/2016, as well as Legislative Decree 196/2003, as amended, as well as any other relevant regulations in force (hereinafter, collectively, the “GDPR”).

The services and information offered by the Data Controller are intended for Users over the age of 18. Should the Data Controller become aware of the processing of data of children under 18 years of age, the Data Controller reserves the right to unilaterally and immediately discontinue the use of the service offered as well as to delete the data acquired.

This Data Protection Notice applies to all personal data processing activities performed by the Data Controller through the Platforms, together with the terms and conditions of service and other contractual documents to which Users have subscribed and to which express and full reference is made.


1. Principles applicable to the Processing of Personal Data

The Data Controller, in accordance with and for the purposes of GDPR, announces that the said legislation provides for the protection of individuals with respect to the processing of personal data and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of confidentiality and fundamental rights.

In relation to the use of the Platforms, the following types of User are identified:

  • Non Registered-Users”: Users who use the Platforms in consultation mode and without the release of any personal information, with the exception of information collected automatically, through browsing (device ID, browsing information, IP address, etc.) or through cookies (view cookies policy);
  • Registered-Users”: upon registration and acceptance of the terms and conditions of service, they can access all the services offered by the Data Controller on the Platforms, whether they are individuals or legal entities.

2. Types of Information

Davis & Morgan may collect and process the following types of information:

  • Identifying information: Full name, e-mail address, gender, home address, telephone number, date of birth, nationality, signature, utility bills, photographs, and a video recording of the User.
  • Sensitive personal information: where permitted by law or following the User's consent, including biometric information, in order to verify the User's identity by comparing facial scan data extracted from photos or videos with ID photo; or information related to profession or employment, salary, etc.
  • Personal documents: copies or photos of identification documents, such as passport, ID card, driver's license, etc.
  • Data communicated by the User, relating to personal opinions about the service and information received, as part of surveys offered by the Data Controller.
  • Institutional information: legal incorporation documents, information on personal identification of beneficial owners, personal information on the board of directors and those responsible for the operations of the legal entity.
  • Financial information: bank account information, payment card information, source of funding, source of income, information on Users' financial knowledge, orientations, risk appetite, and investment preferences.
  • Transaction information: information about transactions made on the Data Controller’s services.
  • Information from cookies: For more information, see our Cookie Policy.
  • Communications including marketing communications: survey responses, information contained in surveys, data collection related to commercial and non-commercial preferences. Demographic data (e.g., income, family status, age group, gender, interests, etc.). Data related to browser/web history and preferences expressed through the selection/viewing/purchase of goods, services and content, mobile device information, including (if available) device type, device identification number, mobile operating system.
  • Blockchain data: the Data Controller may analyze public blockchain data, such as transaction IDs, transaction amounts, wallet addresses, transaction or event timestamps.

3. Purposes of processing

Except as already specified above, the personal data of the Users involved are used for the sole purpose of sending the requested information and are not communicated to third parties, unless the communication is imposed by legal obligations or is strictly necessary for the fulfillment of the requests. Data and information are processed fort the following purposes:

  • For the management of the contractual relationship with the Registered User, to create and maintain the User’s account, with this including personal data to collect and manage orders and process payments. Failure by the Data Controller to process the data will result in the impossibility of opening an account with the Data Controller or closing the account if it has already been opened, therefore, the processing is necessary for the provision of services.
  • The service provided by Davis & Morgan, through Platforms and for the benefits of Registered User, are subject to strict and specific laws and regulations that require the collection, use, and retention of certain personnel data (as listed in Section 2 above), as well as to process information about personal identity and, in some cases, sensitive personal data, for example to fulfill customer knowledge obligations ("KYC") under applicable laws and regulations and, in particular, to comply anti-money laundering laws and regulations. Therefore, the processing is necessary for the Data Controller to fulfill applicable legal and regulatory obligations and anti-money laundering laws and regulations.
  • In order to be able to communicate with the Registered User for the purpose of intervening in the resolution of any problems related to the services, as well as for the purpose of updating, resolving complaints or disputes. Even then, the processing is necessary to ensure the relevant interventions.
  • To promote the security and integrity of the Data Controller’s Platforms, as well as to verify and monitor identity or access to services, fight malware or security risks, and comply with applicable security laws and regulations.
  • To prevent and mitigate possible fraud or abuse of the Services and to protect the User from Account compromise or loss of funds and to ensure the security of Users. Therefore, the Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller and the interests of the Users.
  • To verify accounts and related activities, detect and resolve violations of terms and conditions, investigate suspicious activities, detect, prevent, and combat illegal behavior, detect fraud, and maintain the integrity of the Data Controller's services on the Platforms.
  • To send information, news, promotions, for marketing and advertising purposes, subject to the manifestation of consent by Registered Users. For this type of data, as well as for browsing data, usage data, marketing and research data, communications, the Data Controller will verify that the processing takes place only upon express consent, manifested at the time of registration. The Data Controller may also process Users' personal data for sending invitations to participate in events, including virtual events and/or webinars or other activities of the Data Controller, as well as for the processing of surveys on the evaluation of the Platforms and/or services rendered by the Data Controller. Data Subjects may unsubscribe from the aforementioned communications at any time by sending an appropriate request to the Data Controller.
  • To comply with applicable legal and regulatory obligations, or where required by the competent authorities, the Data Controller may access, read, store and disclose Users' information of any nature. The processing is necessary in order for the Data Controller to comply with the above obligations, as well as in cases where the Data Controller deems it appropriate, including where not required by applicable law but provided it is deemed appropriate by the Data Controller in good faith.

In all other cases, failure to provide the data requested in the User's registration will result in the impossibility of providing the related services indicated above.

In addition, the personal data of the User will be processed for purposes related to obligations under laws, regulations and EU legislation, as well as in compliance with the measures prescribed by the Privacy Guarantor, as well as for the exercise of the rights of the Data Controller, for example, the right of defense in court.

It is in any case understood that the Data Controller will process the data lawfully, where the processing:

  • is necessary for the management, development and execution of requests received from the User or for the execution of services provided on the Platforms;
  • is necessary to fulfill obligations under the law, a regulation, EU legislation or an order of the Public Authority;
  • is based on express consent where provided

4. Modalities of processing

The processing of personal data is carried out by means of the operations indicated in Article 4 No. 2) GDPR and precisely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The User’s personal data are processed both in paper and electronic and/or automated form.


5. Retention of data

Data processing will last no longer than necessary to fulfill the purposes for which it was collected, such as storage or search criteria, notification, publication of asset information, etc.

According to Article 7 paragraph 3 of the GDPR, the data subject has the right to obtain at any time the revocation of consent to the processing. For the request of cancellation of their personal data, the Users may send a request to the e-mail address dpo@davismorgan.it

If a request for cancellation is not received by the Data Controller personal data will be retained for a period not longer than 10 (ten) years, starting from the date of the last access to the Platforms by User.

The Data Controller reserves the need to retain the data for a longer period for requirements to comply with legal obligations or to protect the rights of Data Controller or the third parties in court, both for tax and accounting purposes, in accordance with anti-money laundering laws.


6. Data Security

The Data Controller adopts security measures and organizational techniques aimed at protecting data and ensuring a level of security appropriate to the risk of loss, misuse or alteration, as established under Article 32 et seq. of the GDPR.

The Data Controller strives to protect the security of personal information during its transmission and storage by using encryption protocols and software. In addition, the Data Controller limits access to the User’s personal information to employees, consultants, and other third parties who have a need to know.


7. Access to data

The personal data collected may be processed by individuals or categories of individuals who act as Data Processors according to Article 28 of the Regulation or who are authorized to process the data according to Article 29 of the Regulation.

The data may be made accessible for the above purposes:

  • to employees and collaborators of the Data Controller in their capacity as co-owners and/or appointees and/or internal data processors, as well as to the Data Protection Officer (Data Protection Officer);
  • to third party companies or other entities (by way of example but not limited to: professional firms, consultants, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of Data Controller, in their capacity as external data processors, appointed for this purpose;
  • to third party service providers: for example, companies involved in data analysis, providing marketing assistance, payment processing content delivery, and credit risk assessment and management. These third party service providers have access to the personal information they need only to perform their function, but may not use it for any other purpose. In addition, they must process personal information in accordance with our contractual agreements and only as permitted by applicable data protection laws;
  • to companies that collaborate or use the services of Data Controller, with the sole purpose of providing services requested by the user or for the execution of information activities towards the latter and/or newsletters and/or marketing activities. In these cases, the companies are autonomous owners, so the Data Controller is not responsible for the data processing by them. The Data Controller is also not responsible for the content and compliance with data protection regulations by sites not operated by the Data Controller;
  • to Competent Authorities: the Data Controller may be required by law or a court to disclose certain information about the user or any commitment to the user to regulatory, law enforcement, and/or other competent authorities. Information regarding users may be released to judicial authorities as required by law;
  • in the case of transactions involving the transfer of company assets, business units or company shares, or any other unusual transactions involving a change in the Data Collector’s ownership asset, the user’s information generally represents one of the company assets being transferred, bur remains topic of the safeguards stated in the pre-existing data protection notices.

Outside of the aforementioned hypotheses, personal data will not be communicated except to subjects, bodies and authorities to whom communication is mandatory pursuant to provisions of law or regulation.

8. Communication of data

Without the need for express consent (ex art. 6 lett. b) and c) GDPR), the Data Controller may communicate the data of the User for the purpose referred to in art. 2 to supervisory bodies (such as Bank of Italy), judicial authorities, insurance companies for the provision of insurance services, as well as those subjects to whom the communication is mandatory by law for the fulfillment of the said purposes. These subjects will process the data in their capacity as autonomous controllers.

In addition, the data may be made accessible, again for the above purpose:

  • employees and collaborators of the Data Controller, in their capacity as co-owners and/or appointees and/or internal data processors and/or systems administrators;
  • to third parties who perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors and who will be, in this regard, appointed.

9. Data transfer

Personal data are stored on servers located within the European Union. It is in any case understood that the Data Controller, where necessary, will also have the right to move the servers outside the EU. In this case, the Data Controller assures as of now that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, upon stipulation of the standard contractual clauses provided by European Commision.


10. Collection of navigation data

The computer systems and the technical and software procedures underlying the operation of the platforms acquire, in the course of their normal operations, certain personal data whose transmission is implicit in the access and operation mechanics and protocols in use on the Internet.

Each time Users connect to the Platforms and each time they requested content, access data is stored at the Data Controller’s systems, in the form of tabular or linear data files.

This category of data includes, for example, IP addresses the domain names of the computers used by the interested parties connecting to the site, the request from User’s browser, in the form of addresses in URI (Uniform Resource Identifier) notation, the date and time of request to the server, the method used in submitting the request to the server, the amount of data transmitted, the numerical code indicating the status of response given by the server and other parameters related to the operating system and the computer environment of the interested party.

This data may be used by the Data Controller for the sole purpose of obtaining anonymous statistical information on the use of the platforms in order to identify the pages preferred by the users and provide increasingly appropriate content and to monitor its proper functioning. At the request of the Authority, the data could be used to verify the responsibility in case of hypothetical computer crimes against the platforms or the users.


11. About cookies, search engines and location data

Cookies are intended to speed up the analysis of Internet traffic, make it easier for users to access the services offered by the Site and App, and provide useful and relevant advertising to visitors. With the use of cookies, no personal data is transmitted or acquired and no systems are used to track users. If the User does not want the information he provides to be collected through the use of cookies, he can implement a simple procedure present in his browser that allows him to refuse the cookies function.

When the Platforms are used with the location tracking function enabled, they may collect and process real-time location information about the user. This data is processed anonymously, in a format that does not personally identify the user, and used for the sole purpose of facilitating the use of certain location-based features of the Platforms. Location services can be enabled or disabled by the Users at any time by accessing their device settings.

For more information, please view the Use of Cookies Page.


12. Rights of Data Subject

The User, according to Article 15 et seq. GDPR, may:

i. obtain confirmation of the existence or otherwise of personal data relating to him, even if not yet registered, and their communication in
intelligible form or that they be directly transmitted to third parties (“data portability”);

ii. obtain on indication of: a) the origin of personal data, b) the purpose and methods of processing, c) the logic applied in case of processing
carried out with the aid of electronic instruments, d) the identification detail of the owner, managers and designated representative, e): the
subjects or categories of subjects to whom the data may be communicated or who may become aware of them as designated representative in
the territory of the State, managers or appointees;

iii. obtain: a) the updating, rectification or, when interested, the integration of data; b) the cancellation, transformation into anonymous form or
blocking of data processed in violation of the law, including those that do not need to be kept for the purpose for which the data were collected
or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their
contents to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves
manifestly disproportionate effort compared with the right that is to be protected;

iv. object, in all or in part: a) on legitimate grounds, to the processing of personal data relating to him, even if pertinent to the purpose of collection;
b) to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it)

13. Contact details

The Data Controller is Davis & Morgan S.p.A., with registered office in Piazzetta Maurilio Bossi, 1 - 20121 Milan (MI).

The Data Protection Officer can be contacted by the Data Subject at the following email address dpo@davismorgan.it

The update list of any data controllers and data processors is stored at the register office of the Data Controller.

14. Methods of exercising rights

You may at any time exercise your right as stated in section 10 above by sending:

  • a registered letter with return receipt to Davis & Morgan S.p.A. - Registered office in Piazzetta Maurilio Bossi 1 - 20121 Milan (MI) or by pec: davismorgan@legalmail.it
  • an e-mail to dpo@davismorgan.it

© 2024 Davis & Morgan S.p.A. Intermediario Finanziario Ex. Art. 106 TUB al n. 211 – Piazzetta Bossi, 1 – 20121 Milano – Tel. +39 02 5412 1923 – E-mail: finance@davismorgan.it – PEC: davismorgan@legalmail.it –

Privacy Policy - P.IVA 05838660966 – REA di Milano n. 1853222 – Banca d’Italia n. 211 – Capitale Sociale Euro 7.000.000 Interamente Versato. Realizzazione sito web by V.B. DIGITAL SRLS

Realizzato con