Legal Information
Version dated 25th May 2026. This version replaces all previous versions of the Dato Capital legal information.
1. Overview
The Dato Capital websites are owned by DATO CAPITAL LTD (United Kingdom) and operated under the "Dato Capital" brand on behalf of NETAMO SYSTEMS SL (Spain), which is the data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 (the "GDPR") for the processing of personal data carried out through these websites. Full identification details of both companies are available in the About Us page and in the Privacy Policy.
This page provides per-country information on the public registers and other official sources from which the data published on the websites is derived, the legal framework that makes that information publicly available, and the data protection laws under which the processing is carried out. The full Privacy Policy and the rights of data subjects apply to all of the jurisdictions listed below.
2. General framework
2.1 Data relating to legal entities is not personal data
As confirmed by Recital 14 of Regulation (EU) 2016/679 (GDPR), the GDPR "does not cover the processing of personal data which concerns legal persons and in particular undertakings established as legal persons, including the name and the form of the legal person and the contact details of the legal person". The European Commission has restated this position in its public guidance on the application of data-protection law to data about a company (available at commission.europa.eu).
Accordingly, data published on the websites that concerns a legal entity as such — including the company name, registered legal form, registration number, registered office, share capital, articles of association, annual accounts and similar corporate information — does not constitute personal data and falls outside the scope of the GDPR. Rights under the GDPR (including the right of erasure) cannot be exercised in respect of this category of information.
2.2 Data relating to natural persons
By contrast, information that identifies or relates to a natural person — including the names and corporate functions of directors, managers, members of supervisory or management boards, shareholders where disclosed, beneficial owners, persons with significant control, statutory auditors and equivalent — constitutes personal data within the meaning of Article 4(1) GDPR and is processed by NETAMO SYSTEMS SL in accordance with the GDPR.
Limited cases may arise in which information formally attached to a legal entity also identifies a natural person — for example, where a sole-trader business operates under the natural person's own name, or where a registered office disclosed in the source register corresponds to a private residence. In such cases, the information identifying the natural person is treated as personal data and is subject to the GDPR. The legal-entity information itself remains outside the scope of the GDPR. NETAMO SYSTEMS SL examines such cases on the individual circumstances of each request.
2.3 Applicable law
NETAMO SYSTEMS SL, as the controller established in Spain, processes personal data of natural persons appearing on the websites in accordance with the GDPR and with Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights, under the lead supervision of the Spanish Agencia Española de Protección de Datos (AEPD).
The fact that personal data are sourced from a public register does not exempt the controller from compliance with the GDPR. As confirmed by the Court of Justice of the European Union in Camera di Commercio di Lecce v Manni (judgment of 9 March 2017, C-398/15), data subjects retain the rights conferred by the GDPR in respect of personal data published in business registers. Such requests are examined on a case-by-case basis through a balancing of interests, as further described in the Privacy Policy.
In addition to the GDPR, the data protection laws of the jurisdictions from which the data are sourced may apply extraterritorially to the processing of personal data of residents of those jurisdictions. NETAMO SYSTEMS SL acknowledges this and addresses requests from residents of those jurisdictions through the same channel as GDPR requests (see section 4 below).
2.4 Legal basis and purpose of the processing
Across all jurisdictions, the legal basis on which the controller relies for the processing of personal data of natural persons appearing on the websites is Article 6(1)(f) GDPR (legitimate interest), or its equivalent in the applicable local law.
The legitimate interests pursued are of a public-interest character and include, in particular:
- Supporting transparency in commercial transactions, in line with the purpose of the public business registers from which the data are sourced;
- Enabling clients (including financial institutions, tax authorities, government bodies, law firms, journalists, compliance professionals and counterparties) to comply with their statutory obligations under anti-money-laundering, counter-terrorist-financing and know-your-customer legislation, in particular Directive (EU) 2015/849 and equivalent national legislation;
- Contributing to the prevention and detection of fraud, identity misuse, illegitimate concealment of beneficial ownership, and other abuses that would be facilitated by the selective removal of officer information from accessible business databases;
- Facilitating access to corporate information that is, by design of the relevant legal framework, intended to be publicly available.
2.5 Exceptions to the right of erasure
Article 17(3) GDPR provides that the right of erasure does not apply to the extent that processing is necessary, in particular, for compliance with a legal obligation to which the controller is subject, for reasons of public interest, or for the establishment, exercise or defence of legal claims. Where the processing of personal data of a corporate officer is necessary to give effect to the purposes described in section 2.4 above, NETAMO SYSTEMS SL may rely on Article 17(3) GDPR to decline an erasure request, in whole or in part. Any such decision is taken on a case-by-case basis, is communicated in writing to the data subject together with the reasons, and remains subject to the right of the data subject to lodge a complaint with a supervisory authority and to seek a judicial remedy.
Equivalent provisions in the applicable local data protection laws are applied in the same manner.
3. Jurisdictions covered
Spain (ES)
| Source register | Registro Mercantil (Trade Register); Boletín Oficial del Registro Mercantil (BORME, official commercial gazette); Registro de Titulares Reales (Register of Beneficial Owners). |
|---|---|
| Legal framework mandating publication | Código de Comercio; Real Decreto 1784/1996, de 19 de julio (Reglamento del Registro Mercantil); Ley 10/2010 de prevención del blanqueo de capitales y de la financiación del terrorismo (for beneficial-owner information). |
| Applicable data protection law | Regulation (EU) 2016/679 (GDPR); Spanish Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD). |
| Supervisory authority | Agencia Española de Protección de Datos (AEPD) — www.aepd.es |
United Kingdom (UK)
| Source register | Companies House (registrar of companies for England and Wales, Scotland and Northern Ireland); People with Significant Control register. |
|---|---|
| Legal framework mandating publication | Companies Act 2006; Small Business, Enterprise and Employment Act 2015 (PSC regime); Economic Crime (Transparency and Enforcement) Act 2022. |
| Applicable data protection law | For Netamo's processing in the European Economic Area: Regulation (EU) 2016/679 (GDPR). The transfer of personal data from Netamo (EEA) to Dato Capital LTD (United Kingdom) is carried out on the basis of the United Kingdom adequacy decision (Commission Implementing Decision (EU) 2021/1772, as renewed). For UK residents and processing in the United Kingdom: the United Kingdom General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018 may apply additionally. |
| Supervisory authorities | For UK GDPR matters: Information Commissioner's Office (ICO) — ico.org.uk. For GDPR matters concerning Netamo: AEPD (Spain). |
The Netherlands (NL)
| Source register | Handelsregister (Trade Register) maintained by the Kamer van Koophandel (Chamber of Commerce); UBO-register (Register of Ultimate Beneficial Owners) maintained by the Kamer van Koophandel. |
|---|---|
| Legal framework mandating publication | Handelsregisterwet 2007 and Handelsregisterbesluit 2008; Implementing Act for the 4th and 5th Anti-Money-Laundering Directives. |
| Applicable data protection law | Regulation (EU) 2016/679 (GDPR); Dutch Uitvoeringswet Algemene Verordening Gegevensbescherming (UAVG). |
| Supervisory authorities | For requests from Dutch residents: Autoriteit Persoonsgegevens (AP) — autoriteitpersoonsgegevens.nl. Lead supervisory authority for Netamo: AEPD (Spain). |
Luxembourg (LU)
| Source register | Registre de Commerce et des Sociétés (RCS) — Luxembourg Business Registers; Recueil Electronique des Sociétés et Associations (RESA), the electronic gazette where corporate publications are made; Registre des Bénéficiaires Effectifs (RBE). |
|---|---|
| Legal framework mandating publication | Loi du 19 décembre 2002 concernant le registre de commerce et des sociétés ainsi que la comptabilité et les comptes annuels des entreprises; Loi du 13 janvier 2019 instituant un Registre des bénéficiaires effectifs. |
| Applicable data protection law | Regulation (EU) 2016/679 (GDPR); Loi luxembourgeoise du 1er août 2018 portant organisation de la Commission nationale pour la protection des données et du régime général sur la protection des données. |
| Supervisory authorities | For requests from Luxembourg residents: Commission nationale pour la protection des données (CNPD) — cnpd.public.lu. Lead supervisory authority for Netamo: AEPD (Spain). |
Malta (MT)
| Source register | Malta Business Registry (MBR); Beneficial Ownership Register maintained by the MBR. |
|---|---|
| Legal framework mandating publication | Companies Act (Chapter 386 of the Laws of Malta); Companies Act (Register of Beneficial Owners) Regulations. |
| Applicable data protection law | Regulation (EU) 2016/679 (GDPR); Maltese Data Protection Act (Chapter 586 of the Laws of Malta). |
| Supervisory authorities | For requests from Maltese residents: Office of the Information and Data Protection Commissioner (IDPC) — idpc.org.mt. Lead supervisory authority for Netamo: AEPD (Spain). |
Gibraltar (GI)
| Source register | Companies House Gibraltar; Gibraltar Register of Ultimate Beneficial Owners. |
|---|---|
| Legal framework mandating publication | Companies Act 2014; Register of Ultimate Beneficial Owners Regulations 2017 (as amended). |
| Applicable data protection law | For Netamo's processing in the European Economic Area: Regulation (EU) 2016/679 (GDPR). For Gibraltar residents and processing in Gibraltar: the Gibraltar GDPR (the UK GDPR as incorporated and modified for Gibraltar) and the Gibraltar Data Protection Act 2004 (as amended). Gibraltar is, since 1 February 2020, a third country for the purposes of EU GDPR. |
| Supervisory authorities | For Gibraltar GDPR matters: Gibraltar Regulatory Authority (GRA) — gra.gi. For GDPR matters concerning Netamo: AEPD (Spain). |
Panama (PA)
| Source register | Registro Público de Panamá (Public Registry of Panama). |
|---|---|
| Legal framework mandating publication | Código de Comercio de Panamá; Ley 32 de 1927 sobre Sociedades Anónimas; Ley 23 de 2015 (anti-money-laundering and beneficial-ownership obligations). |
| Applicable data protection law | For Netamo's processing in the European Economic Area: Regulation (EU) 2016/679 (GDPR). For Panamanian residents and processing in Panama: Ley 81 de 26 de marzo de 2019 sobre Protección de Datos Personales (in force since 29 March 2021) and its implementing decree. |
| Supervisory authorities | For requests from Panamanian residents: Autoridad Nacional de Transparencia y Acceso a la Información (ANTAI) — antai.gob.pa. Lead supervisory authority for Netamo: AEPD (Spain). |
Cayman Islands (KY)
| Source register | Registrar of Companies, General Registry of the Cayman Islands; Beneficial Ownership Register maintained pursuant to the Companies Act. |
|---|---|
| Legal framework mandating publication | Companies Act (Revised); Beneficial Ownership Transparency Act 2023. |
| Applicable data protection law | For Netamo's processing in the European Economic Area: Regulation (EU) 2016/679 (GDPR). For Cayman residents and processing in the Cayman Islands: Data Protection Act (Revised) (formerly Data Protection Act 2017), in force since 30 September 2019. |
| Supervisory authorities | For requests from Cayman residents: Office of the Ombudsman of the Cayman Islands — ombudsman.ky. Lead supervisory authority for Netamo: AEPD (Spain). |
British Virgin Islands (VG)
| Source register | Registry of Corporate Affairs, BVI Financial Services Commission; Beneficial Ownership Secure Search System (BOSSs). |
|---|---|
| Legal framework mandating publication | BVI Business Companies Act 2004 (as amended); Beneficial Ownership Secure Search System Act 2017; BVI Business Companies (Amendment) Act 2022 (extended public-information obligations). |
| Applicable data protection law | For Netamo's processing in the European Economic Area: Regulation (EU) 2016/679 (GDPR). For BVI residents and processing in the BVI: Data Protection Act 2021, in force since 9 July 2021. |
| Supervisory authorities | For requests from BVI residents: Office of the Information Commissioner of the British Virgin Islands. Lead supervisory authority for Netamo: AEPD (Spain). |
Bermuda (BM)
| Source register | Bermuda Registrar of Companies; beneficial-ownership information held in accordance with the Companies and Limited Liability Company (Beneficial Ownership) Act 2017. |
|---|---|
| Legal framework mandating publication | Companies Act 1981; Companies and Limited Liability Company (Beneficial Ownership) Act 2017. |
| Applicable data protection law | For Netamo's processing in the European Economic Area: Regulation (EU) 2016/679 (GDPR). For Bermuda residents and processing in Bermuda: Personal Information Protection Act 2016 (PIPA), in full force since 1 January 2025. |
| Supervisory authorities | For requests from Bermuda residents: Office of the Privacy Commissioner for Bermuda (PrivCom) — privacy.bm. Lead supervisory authority for Netamo: AEPD (Spain). |
Costa Rica (CR)
| Source register | Registro Nacional de Costa Rica — Registro de Personas Jurídicas; Registro de Transparencia y Beneficiarios Finales (RTBF) maintained by the Central Bank of Costa Rica. |
|---|---|
| Legal framework mandating publication | Código de Comercio de Costa Rica; Ley 9416 para Mejorar la Lucha contra el Fraude Fiscal (RTBF). |
| Applicable data protection law | For Netamo's processing in the European Economic Area: Regulation (EU) 2016/679 (GDPR). For Costa Rican residents and processing in Costa Rica: Ley 8968 de Protección de la Persona frente al tratamiento de sus datos personales (2011) and its Regulations (Decreto 37554-JP). |
| Supervisory authorities | For requests from Costa Rican residents: Agencia de Protección de Datos de los Habitantes (PRODHAB) — prodhab.go.cr. Lead supervisory authority for Netamo: AEPD (Spain). |
Curaçao (CW)
| Source register | Handelsregister (Trade Register) maintained by the Kamer van Koophandel & Nijverheid Curaçao; ultimate-beneficial-owner information maintained pursuant to anti-money-laundering legislation. |
|---|---|
| Legal framework mandating publication | Landsverordening Handelsregister; Wetboek van Koophandel; National anti-money-laundering legislation. |
| Applicable data protection law | For Netamo's processing in the European Economic Area: Regulation (EU) 2016/679 (GDPR). For Curaçao residents and processing in Curaçao: Landsverordening bescherming persoonsgegevens (LBP), in force since 2010. |
| Supervisory authorities | For requests from Curaçao residents: College bescherming persoonsgegevens (CBP). Lead supervisory authority for Netamo: AEPD (Spain). |
Venezuela (VE)
| Source register | Registros Mercantiles (regional commercial registers) under the Servicio Autónomo de Registros y Notarías (SAREN). |
|---|---|
| Legal framework mandating publication | Código de Comercio de Venezuela; Ley de Registro Público y del Notariado. |
| Applicable data protection law | For Netamo's processing in the European Economic Area: Regulation (EU) 2016/679 (GDPR). For Venezuelan residents: the constitutional right of habeas data under Article 28 of the Constitution of the Bolivarian Republic of Venezuela, in the absence of a comprehensive personal-data-protection statute. |
| Supervisory authorities | No dedicated data protection authority exists in Venezuela. Lead supervisory authority for Netamo: AEPD (Spain). |
Mexico (MX)
| Source register | Registro Público de Comercio (RPC); Sistema Integral de Gestión Registral (SIGER); beneficial-ownership information maintained pursuant to the Federal Tax Code. |
|---|---|
| Legal framework mandating publication | Código de Comercio; Ley General de Sociedades Mercantiles; Código Fiscal de la Federación (Article 32-B Ter). |
| Applicable data protection law | For Netamo's processing in the European Economic Area: Regulation (EU) 2016/679 (GDPR). For Mexican residents and processing in Mexico: Ley General de Protección de Datos Personales en Posesión de Sujetos Obligados (public sector) and Ley Federal de Protección de Datos Personales en Posesión de los Particulares (private sector), as amended by the 2025 reform. |
| Supervisory authorities | For requests from Mexican residents: the federal authority designated under the 2025 reform (successor to the former Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales — INAI). Lead supervisory authority for Netamo: AEPD (Spain). |
4. Exercise of rights
Regardless of which jurisdiction's data protection law applies, data subjects may exercise their rights — in particular the rights of access, rectification, erasure, restriction, objection and (where applicable) data portability and withdrawal of consent — by addressing the data controller:
NETAMO SYSTEMS SL
Calle Zurbano 45, 1ª planta, 28010 Madrid, Spain
Email: privacy@netamo.com
NETAMO SYSTEMS SL will respond within one month from receipt of the request, in accordance with Article 12(3) GDPR. Equivalent or shorter response periods provided for under the applicable local law of the data subject's country will be observed where they are shorter than one month.
NETAMO SYSTEMS SL may request additional information to confirm the identity of the data subject where there are reasonable doubts, in accordance with Article 12(6) GDPR and the corresponding provisions of the applicable local data protection law.
Data subjects also have the right to lodge a complaint with a data protection supervisory authority. The lead supervisory authority for NETAMO SYSTEMS SL under the GDPR is the Spanish Agencia Española de Protección de Datos (AEPD). Data subjects may also lodge a complaint with the supervisory authority of their habitual residence, place of work or place of the alleged infringement — including, where applicable, the supervisory authorities of the jurisdictions identified in section 3 above.
5. Intellectual property
The selection, organisation, structure and presentation of the information made available through the websites, the source code of the websites, the "Dato Capital" brand, logos and graphic elements, and any database compiled in connection with the operation of the websites are protected by intellectual property rights, including copyright and sui generis database rights (where applicable). All such rights are owned by, or licensed to, NETAMO SYSTEMS SL.
The underlying factual information sourced from official public business registers is not, as such, owned by NETAMO SYSTEMS SL or by DATO CAPITAL LTD. That information remains subject to the legal regime of the relevant source register.
6. Accuracy of information
The information made available through the websites is derived from public registers in the jurisdictions listed in section 3 and is updated regularly to reflect changes in those registers. Users are referred to the original source register for the most up-to-date and authoritative version of any given record. The conditions under which the websites may be used are set out in the Terms of Service.
Search companies and directors from
Worldwide UK Gibraltar Luxembourg Spain Netherlands Curaçao Panama Malta Cayman Islands British Virgin Islands VenezuelaBermudaMexicoCosta Rica
