Last updated: 2025-07-24
This privacy policy is provided pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”) to users of the Nexus Alternative service, provided by RiskIT s.r.l. via Ludovisi, 45 Rome – Italy – administration@riskit.it - VAT No: 08061901008
The user remains the sole owner of all personal and business data entered into the platform Nexus Alternative. All rights, title, and interest in and to the Data provided by the User while using the Nexus Alternative platform belong to the User, and all such Data is and will be considered Confidential Information of the User.
The User represents and warrants that he or she has the legal right and authority to provide such Data and will continue to maintain such rights while using the service.
RiskIT s.r.l., as the data processor, is responsible for managing the data solely for the purposes explicitly requested by the user and in accordance with applicable data protection laws. The User hereby grants RiskIT the right to use his or her Data to the extent reasonably necessary to provide the Services, Professional Services, Support Services, and Products, as well as to monitor their use and performance.
During the use of Nexus Alternative, the following categories of data may be collected:
Data is processed exclusively for the service that the user explicitly chooses to access through the platform. Examples include:
Legal basis:
Processing is necessary for the performance of a contract or pre-contractual measures requested by the user (Art. 6.1.b GDPR). Any further processing will only occur with the user’s explicit consent.
All data submitted is processed only in connection with the specific service or activity that the user has requested to participate in.
Data is not reused, repurposed, or disclosed outside of this context without the user’s explicit consent.
Exception:
When accessing their personal area, the user has the ability to view previously submitted information and may choose to reuse such data for other services offered on the platform (e.g., participation in a new investment selection process). In such cases, data will be processed again only following the user’s explicit action or confirmation within the platform interface.
Data is processed using secure digital systems, with appropriate technical and organizational measures in place to protect it from unauthorized access, alteration, or disclosure.
Data is not shared with external third parties, except in the following cases:
All data is stored and processed exclusively within Italy, hosted in a certified data center.
The data center infrastructure used by RiskIT has obtained multiple internationally recognized certifications, including:
No data transfers outside the EU are performed. Data remains fully under Italian jurisdiction.
Data is retained only for as long as needed to fulfill the service requested by the user. If the user consents, data may be retained for a longer period to enable access to future opportunities or historical records.
Under Articles 15–22 of the GDPR, users have the right to:
Requests may be submitted directly to the Data Controller using the contact details provided above.
This privacy policy is made available: