Privacy Policy

Last Updated: December 2022

The purpose of this Privacy Policy (also called a Privacy Notice) is to provide you with information on our use of Personal Data (as defined below) in accordance with applicable privacy laws that may be enacted from time to time, including the California Consumer Privacy Act (the “CCPA”).In this Privacy Notice, “we”, “us” and “our” refers collectively to DASTA, Inc. and its or their    affiliates and/or subsidiaries or delegates (together, “DASTA”).

Online Privacy Notice
The Privacy Policy applies to all natural persons who use the DASTA mobile application.

Personal Data
Personal Data means personal information that reasonably can be used to identify you as an individual person, and includes personal information on yourself that you provide to us, as well as the personal information of individuals connected with you (for example trustees, representatives, investors, clients, beneficial owners or agents). A "Data Subject" is an individual who is identified, or who can be directly or indirectly identified.
‍
In our use of Personal Data, DASTA is characterized as a “business” or “data controller” under various legal regimes including the CCPA. DASTA’s affiliates and delegates may act as “data processors” or “service providers”. If you are a natural person, this will affect you directly.What Personal Data do we collect and how?

We collect the following forms of Personal Data:
• Identifiers such as your name, postal address, social security number, phone number, email address, contact details.
• Information classified as personal or protected information by state or federal law, including your nationality, and place and date of birth.
• Commercial information, including tax information, bank account details, source of funds details, and details related to your investment activity.
• Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
• Visual information, including your signature.
• Professional or employment-related information, including your employment, employer’s name, and income.
• Inferences that we draw from your personal information to create a profile about your preferences.

We collect this Personal Data in various ways, including:
1. Directly from the Data Subject: You provide us with Personal Data through various       interactions, including, but not limited to, creating a user profile, investing in securities, subscription to services (whether past, present of future), and recording of electronic communications or phone calls where applicable.
2. Indirectly from other sources: We may also obtain Personal Data from other public sources, such as public records and the Internet.
3. Financial Account Linking: DASTA offers account linking and aggregation services through Plaid Inc. (“Plaid”). By utilizing these services, you acknowledge and agree that the terms of Plaid’s Privacy Policy (currently located at: https://plaid.com/#end-user-privacy-policy) will govern Plaid’s use of such information, and you consent to Plaid’s Privacy Policy. Further, you expressly grant Plaid the right, power, and authority to access and transmit your information as reasonably necessary for Plaid to provide its services.

How and on what basis do we use Personal Data?
We use Personal Data for a variety of reasonable and legitimate business purposes, including, but not limited to, the following:
• where it is necessary for the performance of our rights and obligations under the Customer Agreement, the Terms of Use, and/or any related agreement for which the DATA Subject is subject to;
• where it is necessary for compliance with a legal and regulatory obligation to which DASTA is subject, such as compliance with anti-money laundering and FATCA/CRS requirements, and otherwise to screen transactions for fraud prevention, anti-money laundering purposes, and the prevention of crime and the reporting of appropriate tax- related information to tax authorities;
• to manage and maintain relationships and for ongoing customer service;
• for the development and improvement of our financial products and services;
• to provide liquidity to our investors;
• for the investigation and assertion of our legal rights;
• to perform financial and regulatory accounting and reporting;
• for quality, regulatory compliance, business analysis, training and related purposes, consistent with our legitimate interests, in the monitoring and recording of calls and other communications;
• for other purposes with the consent of the Data Subject where necessary; and/or
• for our other legal, personnel, administrative and management purposes, including where it is necessary for purpose of our legitimate interests and such interests are  not overwritten by your interests, fundamental rights or freedoms

With whom do we share Personal Data?
We do not sell any Personal Data to unaffiliated third-parties and have not sold any Personal Data in the past twelve (12) months.We will not use Personal Data for any purposes inconsistent with this Privacy Notice without your permission or other legal basis to process the Personal Data. We may share Personal Data to carry out and implement any and all purposes and objects of your investment activity, including:
1. With DASTA’s data processors or service providers (the “Delegates”), such as DASTA’s accountants, attorneys, consultants, and other professionals, which may use Personal Data, for example to provide its services to DASTA or to discharge the legal or regulatory requirements that apply directly to it or in respect of which the DASTA relies upon the Delegates, but such use of Personal Data by a Delegate will always be compatible with at least one of the aforementioned purposes for which we process Personal Data. The Delegates shall not retain, use, sell or otherwise disclose Personal Data for any purpose other than the specific business purpose for which DASTA has provided the information to the Delegate or as required by law.
2. With regulatory, administrative, law enforcement agencies, or other oversight bodies in certain circumstances where we and/or our Delegates are legally obliged or it is in our legal interests to share Personal Data and other information with respect to your activity in securities transactions with the relevant regulatory authorities such as the U.S. Securities and Exchange Commission.
3. With a third party that acquires, or is interested in acquiring, all or a substantial part of our assets or equity interests, or that succeeds DASTA in carrying on all or a part of our business.
4. As required by law or regulation, including to comply with a subpoena or similar legal process, including when we believe in good faith that disclosure is legally required.
5. Where necessary to protect DASTA’s rights and property.
6. In connection with providing liquidity.

Retention of Personal Data
We retain Personal Data for a minimum period of 7 years from the date on which an Investor closes its investment account or for as long as required to perform the services or comply with applicable legal or regulatory obligations.

How do we protect Personal Data?
We and our duly authorized Delegates shall apply appropriate technical, physical, and administrative information security measures designed to protect against unauthorized or unlawful processing of Personal Data, and against accidental loss or destruction of, or damage to, Personal Data. We do not guarantee that our security measures will always be adequate to avert any accidental loss or destruction of, or damage to, Personal Data

Children’s Privacy
We are committed to protecting the privacy needs of children, and we encourage parents and guardians to take an active role in their children’s online activities and interests. Our services are not intended for and may not be used by children under the age of 18. We do not knowingly collect information from children under the age of 18, and we do not target children under the age of 18.

Non-Discrimination
We will not discriminate against any Data Subject for exercising rights to access or request erasure of their Personal Data.

California Shine the Light Disclosure
California’s “Shine the Light” law permits California residents to annually request and obtain information free of charge about what personal information is disclosed to third parties for direct marketing purposes in the preceding calendar year.We do not distribute your personal information to outside parties without your consent for their direct marketing.
‍
How to exercise your Data Subject Rights
Individuals who submit requests for access or erasure of personal information will be required to verify their identity by answering certain questions. We will not disclose or delete any information until identity is verified.If you are making a request for access, we may not be able to provide specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of your personal information, your account with us, or our systems or networks.If you are making a request for erasure, we will ask that you confirm that you would like us to delete your personal information again before your request is submitted.You may designate an authorized agent to submit a request on your behalf by providing that agent with your written permission. If an agent makes a request on your behalf, we may still ask that you verify your identity directly with us before we can honor the request.Agents who make requests on behalf of individuals, will be required to verify the request by submitting written authorization from the individual. We will not honor any requests from agents until authorization is verified.

Complaints
We take very seriously any complaints we receive about our use of Personal Data. Questions, comments, requests or complaints regarding this Privacy Notice, or wish to discuss your data protection rights with us, please contact using the information below.
‍
‍
Contact Information
To exercise any of your rights or would like to discuss any questions or concerns, please contact us by writing to us at the following email address or physical addresses:
DASTA Incorporated
520 Broadway, 11th Floor New York, NY 10012
support@dubapp.com