Privacy and Data Protection Policy – DiMartedì
Last updated: July 1, 2025. We are committed to protecting your privacy in full compliance with Canada's PIPEDA legislation.
Version 4.0 – Revision Date: April 15, 2026
Article 1: Identification of the Data Controller and DPO
This Privacy Policy defines the strict data processing protocols applied by DiMartedì (hereinafter "the Platform", "We" or "Our") company, whose registered office is strategically located at 17 Rue de la Banque, 75002 Paris, France. We act as Data Controller within the meaning of Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act. To ensure absolute integrity of your information, a Data Protection Officer (DPO) has been appointed and remains contactable at the secure address: [email protected].
Article 2: Categories of Data Collected (Minimisation Principle)
To ensure an institutional-level technological and analytical service, we fairly and transparently collect the following categories of data:
Identity and Civil Status Data: Name, first names, date of birth, nationality, and certified copies of identity documents (strictly within the framework of KYC/AML obligations).
Contact Data: Authenticated email address, active mobile phone number, and official residence address.
Financial and Telemetric Data: Information on the origin of funds, transaction history, digital wallets (if applicable), and user risk profiles.
Digital Footprint and Interaction: IP addresses, unique device identifiers, geographical routing data, and granular logs of interaction with our predictive interfaces.
Article 3: Legal Bases and Strict Purposes of Processing
In accordance with Article 6 of the GDPR, our data processing is based on the following grounds:
Contract Performance: Essential for the opening, management of the account infrastructure, and the provision of our proprietary services.
Compliance with Legal Obligations: Necessary to comply with the French Monetary and Financial Code, AMF directives, and anti-money laundering (AML-CFT) laws.
Legitimate Interest: Required to ensure proactive cybersecurity of the platform, prevent fraud, and optimize our technological models through anonymized data aggregates.
Express Consent: For sending personalized market reports and deploying non-essential analytical cookies.
Article 4: Infrastructure Security and Encryption
DiMartedì deploys institutional-grade security measures:
Encryption at Rest: Use of the AES-256 algorithm for all sensitive databases.
Secure Transport: Data flows between the client and our servers are secured end-to-end via the TLS 1.3 protocol.
Sovereign Hosting: Data is hosted on redundant and highly secure servers located exclusively within the European Economic Area (EEA).
Article 5: Retention and Archiving Policy
Your personal information is retained only for the strictly necessary period:
Active Data: Maintained for the entire duration of the contractual relationship.
Legal Archives: Identity records and financial registers are kept in an immutable archive for a period of five (5) to seven (7) years after account closure, in accordance with French tax and regulatory obligations.
Article 6: Exercise of Your Inalienable Rights
The European and French legal framework grants you sovereign rights: right of access, right to rectification, right to erasure ("right to be forgotten"), right to restriction of processing, right to data portability, and right to object. Any request must be addressed to our DPO ([email protected]). You also have the right to lodge a complaint with the CNIL (www.cnil.fr).