1.Introduction

Protection of personal data is very important for us and we take it very seriously. This
Privacy Policy, the principles of which Nemesisquare s.r.l. follows, provides detailed
information on the personal data collected by Nemesisquare s.r.l. about you, the
purposes this data is used for and who has access to the data. Please take the time to
read this Privacy Policy and feel free to contact datacontroller@nemesisquare.it directly
with any questions or suggestions concerning the Policy.
Like most of companies, Nemesisquare s.r.l. collects data when you visit our website
Nemesisquare.it. It is possible to visit our site without leaving any identifying personal
data for us. However, please be aware that we do use cookies on our websites that
provide us statistical information. It helps us to analyse the behavioural patterns of the
visitors of our websites and to improve user experience. If you want to buy our service
from our websites or to get more information about it, then sharing your personal data
with us is necessary.
We process personal data in compliance with applicable personal data protection laws,
including the Regulation of the European Parliament and the Council (EU) 2016/679
(“GDPR”) as well as the Personal Data Protection Act of Italy.
Nemesisquare s.r.l. respects your right to control your privacy. It is important for us that
you can exercise your rights. Below you will find details on how to do this.

Please be aware that we can update our Privacy Policy and in that case we will notify
you about the changes. You can always find the current version of the Privacy Policy
from the page https:// nemesisquare.it/privacy.

2.Definitions

The Privacy Policy of NemesiSquare (legal name Nemesisquare s.r.l.) is based on GDPR.
The Privacy Policy we apply must be clear and understandable to the visitors of our
websites as well as to our contractual customers and to our partners. In order to ensure
that all the parties understand their rights in the same way, we explain the most
important terms here.
Data subject: Identified or identifiable natural person whose data is processed;
Personal Data: Any information concerning an identified or identifiable natural person
(“data subject”); identifiable natural person means a person who can be identified
directly or indirectly, in particular on the basis of identifying attribute, including name,
personal identification code, location information, network identifier, or on the basis of
one or more physical, physiological, genetic, mental, economic, cultural or social
characteristics of the natural person;
Processing of Personal Data: Automated or non-automated operation or set of
operations, including collection, documentation, organizing, structuring, storing,
customizing and modifying, querying, reading, using, transferring, distributing, or
making otherwise available, joining or combining, restricting, deleting or destructing of
personal data or set of them;
Profile analysis: Any automated processing of personal data involving the use of
personal data for the assessment of certain personal aspects of the natural person. In
particular, for analyzing or forecasting aspects related to the performance, financial
situation, health, personal preferences, interests, reliability, behaviour, location or
movement of the natural person concerned;
Controller: Natural or legal person, public entity, agency or other body which alone or
in cooperation with others determines the objectives and means of the processing of
personal data; if the objectives and means of such processing are determined in the law
of the Union or the Member State, the specific criteria for the Responsible Processor or
for assigning the one may be established in the law of the Union or the Member State;

Processor: Natural or legal person, public entity, agency or other body processing
personal data on behalf of the controller;
Set of data: Any organized set of personal data from which data can be derived on the
basis of certain criteria, regardless of whether the set of data is functionally or
geographically centralized, decentralized or distributed;
Recipient: Natural or legal person, public entity, agency or other body to whom
personal data is disclosed, whether or not it is a third party. The public entities which
can obtain personal data as a result of specific inquiry in accordance with the law of the
Union or the Member State, are not deemed to be recipients; these public entities
process such data in accordance with applicable data protection standards in the basis
of the processing purposes;
Third Party: Natural or legal person, public entity, agency or body, excluding the Data
Subject, Controller, Processor and persons who can process personal data under the
direct responsibility of the Controller or Processor;
“Consent” of the Data Subject: Voluntary, specific, conscious and unambiguous
statement by which the Data Subject in the form of an application or by explicit consent,
agrees with the processing of his/her personal data.

3.Data controller

Company name: Nemesisquare s.r.l. (hereinafter the “controller” or “we”)
Address: Corso Europa, 5, Lainate 20045 (Milan)
E-mail: datacontroller@Nemesisquare.it
Website: nemesisquare.it
We can be contacted by e-mail at datacontroller@nemesisquare.it.

4.Types of personal data and purposes for processing

Creation of account
The controller processes the following personal data about you to create an account:
● Name and Surname of the data subject
● Date of Birth

● Current address (town and country)
● Nationality
● Bank card details
● Username and password of the account (the “credentials”)
● Information about the legal entity which you are a representative of (in case of a
corporate customer);
● Information relevant about you as a beneficial owner (in case you are a
representative of a legal entity).
The legal basis for the processing of personal data in this case is Article 6(1)(b) in the
GDPR or Article 6(1)(f) in the GDPR (the legitimate interest of the controller to enter
into a business relationship with a corporate customer).
Offering of services
When offering services to you, the controller processes the following personal data
about you:
● Information related to your account;
● Information related to transaction.
The legal basis for the processing of personal data in this case is Article 6(1)(b) in the
GDPR.
AML and KYC procedures
For AML and KYC procedures we process the following personal data:
● name;
● last name;
● patronymic/middle name (when applicable to the national tradition);
● nationality;
● personal identification code or, if none, the date and place of birth and the place
of residence or seat;
● place and country of residence;
● personal tax number (if applicable);
● reason(s) for establishing business relationships;
● contact information – telephone number and e-mail address;

● if applicable, information on the identification and verification of the right of
representation and scope thereof and, where the right of representation does not
arise from law, the name of the document serving as the basis for the right of
representation, the date of issue, and the name of the issuer;
● political exposure;
● property and sources of income that are meant to be used in the transaction.
The legal basis for the processing of personal data in this case is Article 6(1)(c) in the
GDPR.
Marketing
The controller uses your name and e-mail address to send direct marketing.
Logs
The server that hosts our websites can also save your requests to the server (opened
URLs, type of the web browser and the device used, IP address, time of access). This
data is used only for technical purposes – to ensure proper functioning and security of
the website and for investigating any security issues. The legal basis for the processing
of personal data in this case is the legitimate interest of the controller the ensure the
functioning and security of its website (Article 6(1)(f) in the GDPR).
The controller logs when you log in and also logs your actions.
Handling of complaints
In case of complaint handling, we process your identification information to make sure
who submits the complaint, contact information (depending on how you contact us and
how you wish to receive response) and the information you provide in your complaint
and the information that is needed to analyse and resolve the issue.
The legal basis for the processing of personal data in this case is Article 6(1)(f) in the
GDPR – the legitimate interest of the controller to be able to protect its rights in case of
potential legal disputes with the customer.

5.Disclosure of personal data

The Company discloses your personal data about you to its employees, contractors, as
well as services providers when this is necessary as part of providing services to you.

All employees of the controller are legally bound by confidentiality obligations. In certain
cases, the service providers to whom the controller discloses your personal data
constitute as data processors according to the GDPR. The controller concludes a data
processing agreement with every service provider who constitutes as a data processor
for the controller. The data processing agreement will comply with Article 28(3) in the
GDPR.
In certain cases, the controller may have to disclose your personal data to public
authorities, such as tax authorities. This may be necessary when a legal obligation exists
which the controller must comply with. In all cases where the controller discloses your
personal data to a public authority, the controller does this only when a suitable legal
basis exists. The controller follows the principles of data minimization and purpose
limitation (Article 5 in the GDPR) in all cases where disclosure of your personal data is
necessary. Your personal data will be disclosed to third parties only to the extent this is
necessary for fulfilling legitimate aims, based on a relevant legal basis.

6.Security of personal data

The controller has implemented appropriate technical and organizational measures to
ensure the security of the personal data.
The controller uses firewalls, malware scans, antivirus protections and other measure
that are needed to protect your personal data. In addition to technical measures, the
controller also has physical measures in place, that physical access measures, cameras,
security alarms. To understand all risks, the controller has business continuity plan, risk
assessments, training and other organizational measures in place.

7.Storage of personal data

The controller stores your personal data as long as this is necessary for fulfilling the
purposes determined by the controller and described in section 4 of this Privacy
Policy

8.Transfer of personal data

In case we transfer personal data, we follow the requirements of the GDPR.
We do not transfer personal data to third countries.

9.Data subject’s rights

By contacting by e-mail, you can exercise the following rights:
● The right to view your personal data;
● The right to correct your personal data;
● The right to delete your personal data;

● The right to transfer your personal data;
● The right that you will not be judged solely on the basis of automated data
processing;
● The right to withdraw your consent.
In certain cases, you have the right to demand restriction for processing of your
personal data and the right to object processing of your personal data.
You can exercise your rights in accordance with the terms and conditions based on
GDPR and other local regulations.
If you believe that your privacy has been compromised, please contact us by the email
address below. You also have the right to file a complaint to the data protection
supervisory authority of the country of your residence. In Italy, this is the Garante della
privacy.
With any questions, please feel free to contact us at datacontroller@nemesisquare.it.


Nemesisquare s.r.l. – Corso Europa, 5, Lainate 20045 (Milan) – VAT 12146590968 – REA MI – 2644082 – PEC nemesisquare@pec.it