Privacy policy

01Who controls your data

The controller of personal data within the meaning of Art. 4(7) GDPR is:

Name

iDomino a.s.

Company ID

27091040

Registered office

Petrohradská 216/3, 101 00 Praha 10

E-mail

kamil.vasak@idomino.cz

Phone

+420 724 135 735

We have not appointed a Data Protection Officer (DPO) - the obligation does not apply to us. Send any questions about the processing of personal data to the e-mail above. We reply within 30 days.

02What data we process

Visitors to idomino.cz

During an ordinary visit to the website we collect no personal data. We don't use analytics cookies, advertising pixels or cross-site tracking. We cover cookies in detail in the Cookie policy.

If you click the „Book a presentation" button and have granted consent to marketing cookies, the Calendly widget opens, which processes the data you voluntarily provide during booking (name, e-mail, and possibly additional answers). Processing follows Calendly's policy.

People interested in iDomino

If you contact us by e-mail, by phone or book a meeting, we process:

• Identification data: first name, surname, company name, position.
• Contact data: e-mail, phone number, and possibly address.
• Communication content: your messages, meeting notes, requests for an offer.

Customers and users of the iDomino platform

For customers and their platform users we additionally process:

• Accounting and billing data: company ID, VAT ID, billing address, payment history.
• User operational data: username, e-mail, role in the platform, a log of logins and actions (for audit).
• Content entered by users: data on audits, downtime, action plans - this remains the customer's property. iDomino accesses it only for operation, support and on the customer's instruction.

03Purposes and legal basis of processing

We process personal data only for these purposes and only to the extent necessary for each purpose:

Communicating with you and arranging a meeting

Legal basis: the controller's legitimate interest (Art. 6(1)(f) GDPR) - namely responding to your inquiry. If you decide to respond, processing is necessary for steps prior to entering into a contract (Art. 6(1)(b) GDPR).

Performing the contract and providing the iDomino service

Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

Bookkeeping and meeting legal obligations

Legal basis: a legal obligation (Art. 6(1)(c) GDPR) - the Accounting Act, the VAT Act and others.

Marketing - newsletter, case studies, invitations

Legal basis:

• Existing customers: legitimate interest (Art. 6(1)(f) GDPR) under § 7(3) of Act No. 480/2004 Coll. - you can unsubscribe from every e-mail in one click.
• Other interested parties: explicit consent (Art. 6(1)(a) GDPR), which you can withdraw at any time.

Security and access auditing of the platform

Legal basis: legitimate interest (Art. 6(1)(f) GDPR) - protecting the platform and customer data against unauthorized access.

04Where we get the data

• Directly from you - when you write to us, call, book a meeting, fill in a form or log into the platform.
• From public registers - we verify company ID, VAT ID and registered office in ARES or the Commercial Register to issue invoices correctly.
• From your employer - if you are a platform user and your employer (the customer) created an account for you.

05Who we share data with

We do not sell personal data and do not pass it to anyone we don't strictly need to. Recipients acting as processors are:

• Calendly, LLC (USA) - meeting booking on the website; DPA + EU Standard Contractual Clauses.
• Cloud infrastructure providers on which the iDomino platform runs (data centers in the EU).
• Accounting and tax advisor as part of bookkeeping.
• Legal counsel where necessary.
• Public authorities where required by law (the tax office, courts, law-enforcement bodies).

Outside the EU/EEA we transfer data only in the case of Calendly (USA), with appropriate safeguards under Art. 46 GDPR (standard contractual clauses approved by the EU Commission).

06How long we keep the data

• Communication without a resulting contract: at most 24 months from the last contact.
• Contractual relationships: for the duration of the contract + 10 years (due to tax and accounting obligations).
• Marketing data: until consent is withdrawn, or 36 months from the last demonstrable interest.
• Platform operational logs: usually 12 months, unless agreed otherwise with the customer.

After the period expires we securely delete or anonymize the data.

07How we protect the data

We see security as a critical part of the service. Specifically:

• we encrypt all connections via HTTPS / TLS 1.2+,
• we encrypt data at rest (databases, backups) at the storage level,
• only a limited group of people has access to production systems; we use two-factor authentication,
• we keep an audit of access and user actions in the platform,
• we back up regularly and test the backups,
• we choose partners and subprocessors with regard to their security level and sign data processing agreements (DPAs) with them.

08Your rights

In relation to your personal data you have, in particular, the following rights. Just write to us - we reply within 30 days (in more complex cases within at most 3 months, of which we'll inform you in time).

• Right of access - you want to know what data we hold about you.
• Right to rectification - if the data is inaccurate or incomplete.
• Right to erasure („to be forgotten") - to the extent processing is not required of us by law.
• Right to restriction of processing.
• Right to portability of the data you provided to us.
• Right to object - especially to processing based on legitimate interest or for direct marketing.
• Right to withdraw consent where we required it. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Right not to be subject to automated decision-making - we make no decision with legal effects for you based solely on automated processing.
• Right to lodge a complaint with the supervisory authority - the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, www.uoou.gov.cz.

09Contact & document updates

Anything about the processing of personal data - write to us at kamil.vasak@idomino.cz or call +420 724 135 735.

We may update this document to reflect the current state of processing and legal regulations. The current version is always available on this page. We announce significant changes with reasonable notice - customers by e-mail, website visitors by showing the cookie bar again.