Opt-out

Opt-out, removal and rights requests

This page explains how natural persons whose data appears on the Dato Capital websites may request the removal, anonymisation, restriction or rectification of personal data concerning them, in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR").

The Dato Capital websites are operated under the "Dato Capital" brand by DATO CAPITAL LTD on behalf of NETAMO SYSTEMS SL (Spain), which is the data controller for personal data published on the websites. Requests under this page are addressed to NETAMO SYSTEMS SL.

Scope of personal data on the websites

The Dato Capital websites publish information sourced from official public business registers. Under Recital 14 of the GDPR and the European Commission's published position on the application of data-protection law to data about a company, data relating to legal entities as such — including the company name, registered legal form, registration number, registered office, share capital, articles of association and similar corporate information — is not personal data and falls outside the scope of the GDPR. The rights described on this page can be exercised only in respect of personal data of natural persons.

By contrast, the names and corporate functions of natural persons holding or having held a corporate office (directors, managers, members of supervisory or management boards, shareholders where disclosed, beneficial owners, persons with significant control, statutory auditors and equivalent) are personal data within the meaning of Article 4(1) GDPR. Requests in respect of such information are handled in accordance with the rights and procedures set out below.

Rights you may exercise

In accordance with Articles 15 to 22 GDPR, you may exercise the following rights in respect of personal data concerning you:

• Right of access (Article 15 GDPR);
• Right to rectification (Article 16 GDPR), where the data are inaccurate;
• Right to erasure (Article 17 GDPR), subject to the exceptions provided for in Article 17(3) GDPR;
• Right to restriction of processing (Article 18 GDPR);
• Right to object (Article 21 GDPR), at any time, on grounds relating to your particular situation, to the processing of personal data concerning you carried out on the basis of legitimate interest under Article 6(1)(f) GDPR.

Legal basis of the underlying processing

The processing of personal data of natural persons appearing on the Dato Capital websites is carried out on the basis of Article 6(1)(f) GDPR (legitimate interest). The legitimate interests pursued include, in particular: supporting transparency in commercial transactions, in line with the purpose of the public business registers from which the data are sourced; enabling clients — including financial institutions, tax authorities, government bodies, law firms, journalists, compliance professionals and counterparties — to comply with their statutory obligations under anti-money-laundering, counter-terrorist-financing and know-your-customer legislation, in particular Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015; and contributing to the prevention and detection of fraud, identity misuse and illegitimate concealment of beneficial ownership.

The selective removal of officer information from accessible business databases is identified in Annex III(2)(b) of Directive (EU) 2015/849 as a factor of potentially higher risk in anti-money-laundering compliance. NETAMO SYSTEMS SL takes this into account when balancing the interests at stake in each rights request.

Exceptions to the right of erasure

Article 17(3) GDPR provides that the right of erasure does not apply to the extent that processing is necessary, in particular, for compliance with a legal obligation to which the controller is subject, for reasons of public interest, or for the establishment, exercise or defence of legal claims. Where the processing of personal data of a corporate officer is necessary to give effect to the purposes described above, NETAMO SYSTEMS SL may rely on Article 17(3) GDPR to decline an erasure request, in whole or in part. Any such decision is taken on a case-by-case basis, is communicated in writing to the data subject together with the reasons, and remains subject to the right to lodge a complaint with a supervisory authority and to seek a judicial remedy.

Registered offices at residential addresses

Where the registered office of a company disclosed in the source register corresponds to a private residential address, that fact does not, by itself, change the legal status of the company data. The company information remains outside the scope of the GDPR. The natural person whose residence appears as the registered office may, however, have a right to object under Article 21 GDPR in respect of the personal data identifying them in that context. Such cases are examined individually, taking into account the balancing of interests required by Article 21(1) GDPR.

Communication with authorities

Where required by law or by a competent authority — including tax authorities, financial-intelligence units, judicial authorities or supervisory authorities — NETAMO SYSTEMS SL may communicate information relating to the exercise of rights requests, including the identity of the requester and the reasons given. This may apply in particular in the context of anti-money-laundering investigations.

How to submit a request

Requests should be addressed to:

NETAMO SYSTEMS SL — Data Protection
Calle Zurbano 45, 1ª planta, 28010 Madrid, Spain
Email: privacy@netamo.com

To enable the request to be processed promptly, please include:

• Your full name and any name variants under which you appear on the websites;
• The URL(s) of the page(s) concerned, where known;
• The nature of the request (access, rectification, erasure, restriction, objection);
• Where applicable, the grounds relating to your particular situation supporting an objection under Article 21 GDPR.

Verification of identity

In accordance with Article 12(6) GDPR, where NETAMO SYSTEMS SL has reasonable doubts as to the identity of the person making a request, additional information necessary to confirm the identity of the data subject may be requested. NETAMO SYSTEMS SL applies the following principles when verifying identity:

• Identity is first verified using the least intrusive reliable method appropriate to the circumstances of the request;
• Additional information may be requested where the request is made from an email address not already linked to the relevant data subject, where the request concerns processing with significant potential impact (such as the deletion of historical corporate-officer information), or where there are other reasonable doubts as to identity;
• Submission of an official identity document is not required by default. Where additional verification is needed, NETAMO SYSTEMS SL will request only the information strictly necessary for the verification, in line with the data-minimisation principle of Article 5(1)(c) GDPR;
• Any verification information submitted is used solely for the purpose of identity confirmation and is retained only for the period strictly necessary for that purpose and to demonstrate compliance.

Where identity verification is requested and not provided within a reasonable time, the request may be paused or, if verification is never received, treated as not pursued. This is without prejudice to the right of the data subject to submit a new request at any time.

Response time

In accordance with Article 12(3) GDPR, NETAMO SYSTEMS SL will respond to the request without undue delay and in any event within one month from receipt. That period may be extended by two further months where necessary, taking into account the complexity and number of requests; in such case, the data subject will be informed of the extension within one month of receipt of the request, together with the reasons for the extension.

Where additional information is requested under Article 12(6) GDPR for identity verification, the one-month period starts to run upon receipt of that information.

Outcome of the request

NETAMO SYSTEMS SL will communicate the outcome of the request in writing. Where the request is granted in whole or in part, the corresponding action is taken on the public website and, where appropriate, an internal record of the exercise of the right is kept to give effect to the request and to prevent re-publication. Where the request is declined in whole or in part, the reasons are stated, including any reliance on Article 17(3) GDPR or on the balancing of interests under Article 21(1) GDPR.

Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent lead supervisory authority for NETAMO SYSTEMS SL is the Spanish Agencia Española de Protección de Datos (AEPD), C/ Jorge Juan, 6, 28001 Madrid, Spain — www.aepd.es. You may also lodge a complaint with the supervisory authority of the EU Member State of your habitual residence, place of work or place of the alleged infringement, and you have the right to seek a judicial remedy.

Full information on the processing of personal data carried out through the websites is available in the Privacy Policy. The legal framework applicable in each jurisdiction is described on the Legal Information page.