Privacy Notice
The purpose of this Privacy Policy (also referred to as a Privacy Notice) is to inform you about how we use Personal Data (as defined below) in compliance with applicable privacy laws, including the California Consumer Privacy Act (CCPA) and other relevant regulations.
Throughout this Privacy Notice, the terms "we," "us," and "our" collectively refer to DASTA, Inc. and its affiliates, subsidiaries, or delegates (referred to as "dub").
Online Privacy Notice
This Privacy Policy applies to all individuals who use dub’s mobile app.
Personal Data
Personal Data refers to personally identifiable information that can reasonably identify you as an individual. This includes information you provide about yourself as well as personal information of individuals associated with you, such as trustees, representatives, investors, clients, beneficial owners, or agents. A "Data Subject" is an individual who is identified or can be directly or indirectly identified.
dub acts as a "business" or "data controller" for Personal Data under various legal frameworks, including the CCPA. dub's affiliates and delegates may act as "data processors" or "service providers." This directly applies to you as a natural person.
What Personal Data do we collect and how?
We collect the following types of Personal Data:
- Identifiers, such as your name, postal address, social security number, phone number, email address, and contact details.
- Information classified as personal or protected by state or federal law, including nationality, place, and date of birth.
- Commercial information, including tax information, bank account details, source of funds details, and investment activity-related information.
- Internet or electronic network activity information, including browsing history, search history, and interaction with websites, applications, or advertisements.
- Visual information, including your signature.
- Professional or employment-related information, including your employment, employer's name, and income.
- Inferences drawn from your personal information to create a profile reflecting your preferences.
We collect this Personal Data through various means, including:
- Directly from the Data Subject: You provide Personal Data through interactions such as creating a user profile, investing in securities, subscribing to services (past, present, or future), and recording electronic communications or phone calls when applicable.
- Indirectly from other sources: We may obtain Personal Data from public sources, such as public records and the Internet.
- Financial Account Linking: dub offers account linking and aggregation services through Plaid Inc. ("Plaid"). By using these services, you acknowledge and agree that Plaid's Privacy Policy (currently located at: https://plaid.com/#end-user-privacy-policy) will govern Plaid's use of the information, and you consent to Plaid's Privacy Policy. Additionally, you grant Plaid the right, power, and authority to access and transmit your information as necessary to provide its services.
- Google Maps API(s): Google offers address autocomplete and verifications services through their Places API. By using these services, you acknowledge and agree to Google’s Privacy Policy located at: https://policies.google.com/privacy, which will govern Google’s use of the information.
How and on what basis do we use Personal Data?
We use Personal Data for various reasonable and legitimate business purposes, including but not limited to:
- Fulfilling our obligations under the Customer Agreement, Terms of Use, and related agreements that apply to the Data Subject.
- Complying with legal and regulatory obligations, such as anti-money laundering requirements, FATCA/CRS compliance, fraud prevention, crime prevention, and tax-related reporting obligations.
- Managing and maintaining relationships, providing ongoing customer service, and improving our financial products and services.
- Direct marketing efforts for new products, services and features.
- Investigating and asserting legal rights.
- Performing financial and regulatory accounting and reporting.
- Conducting quality assessments, regulatory compliance, business analysis, training, and related purposes, including monitoring and recording calls and other communications.
- Pursuing other purposes with the consent of the Data Subject when necessary.
- Fulfilling other legal, personnel, administrative, and management purposes necessary for our legitimate interests, provided your interests, fundamental rights, or freedoms are not overridden.
With whom do we share Personal Data?
- We do not sell Personal Data to unaffiliated third parties, and we have not sold any Personal Data in the past twelve (12) months.
- We will not use Personal Data for purposes inconsistent with this Privacy Notice without your permission or any other legal basis for processing the Personal Data. However, we may share Personal Data to fulfill the purposes and objectives of your investment activity, including:
- With dub's data processors or service providers (referred to as "Delegates"), such as accountants, attorneys, consultants, and other professionals. The Delegates may use Personal Data to provide services to dub or fulfill legal or regulatory requirements. However, the Delegates are not allowed to retain, use, sell, or disclose Personal Data for purposes other than the specific business purpose for which dub provided the information, except as required by law.
- With regulatory, administrative, law enforcement agencies, or oversight bodies when legally obliged or when sharing Personal Data and other information related to your securities transactions with the relevant regulatory authorities, such as the U.S. Securities and Exchange Commission.
- With a third party that acquires, or expresses interest in acquiring, a substantial part of our assets or equity interests, or that succeeds dub in conducting all or part of our business.
- As required by law or regulation, including compliance with a subpoena or similar legal process when we believe in good faith that disclosure is legally required.
- When necessary to protect dub's rights and property.
Retention of Personal Data
We retain Personal Data for a minimum period of 7 years from the date an investor closes their investment account or as long as required to provide services or comply with applicable legal or regulatory obligations.
How do we protect Personal Data?
We and our duly authorized Delegates apply appropriate technical, physical, and administrative information security measures to prevent unauthorized or unlawful processing of Personal Data and protect against accidental loss, destruction, or damage to Personal Data. However, we cannot guarantee that our security measures will always be sufficient to prevent any accidental loss, destruction, or damage to Personal Data.
Children's Privacy
We are committed to protecting the privacy of children, and we encourage parents and guardians to be actively involved in their children's online activities and interests. Our services are not intended for or to be used by children under the age of 18. We do not knowingly collect information from children under the age of 18, and we do not target children under the age of 18.
Non-Discrimination
We will not discriminate against any Data Subject for exercising their rights to access or request erasure of their Personal Data.
California Shine the Light Disclosure
Under California's "Shine the Light" law, California residents can request and obtain information, free of charge, about the personal information disclosed to third parties for direct marketing purposes in the preceding calendar year.
We do not distribute your personal information to outside parties for direct marketing without your consent.
How to exercise your Data Subject Rights
Individuals who submit requests to access or erase personal information will be required to verify their identity by answering specific questions. We will not disclose or delete any information until the identity is verified.
If you are making a request for access, we may not be able to provide specific pieces of personal information if the disclosure poses a substantial, articulable, and unreasonable risk to the security of your personal information, your account with us, or our systems or networks.
If you are making a request for erasure, we will ask you to confirm your desire for us to delete your personal information before submitting your request.
You may appoint an authorized agent to submit a request on your behalf by providing the agent with written permission. If an agent submits a request on your behalf, we may still ask you to verify your identity directly before honoring the request.
Agents making requests on behalf of individuals must verify the request by submitting written authorization from the individual. We will not honor any requests from agents until authorization is verified.
Complaints
We take any complaints about our use of Personal Data seriously. If you have any questions, comments, requests, or complaints regarding this Privacy Notice or wish to discuss your data protection rights with us, please contact us using the information below:
Contact Information
To exercise your rights, or if you have any questions or concerns, please contact us by writing to us at the following email address or physical address:
101 Greenwich Street, Floor 2, Suite 402
New York, NY 10006
Email: support@dubapp.com
Please note that this Privacy Policy is subject to change, and any updates or modifications will be posted on our website with the revised "Last Updated" date. It is recommended to review this Privacy Policy periodically to stay informed about our data practices.
Comments
0 comments
Please sign in to leave a comment.