Self service

Privacy Policy

This Privacy Policy describes the use, collection, retention, protection and disclosure of personal data of the User, by Didomi, in the context of the provision of the Services.

It applies to any user or visitor of the website who has created an account by themselves using the registration process available at https://console.didomi.io/auth/register, as opposed to accounts and organizations created by Didomi support team. This Privacy Policy is part of the Terms of Service.

Both Didomi and the User are acting as data controller of the personal data listed in this Privacy Policy, as defined in the GDPR, and are independently responsible for their own use of this personal data.

The definitions set out in the Terms of Use, available at https://tos.console.didomi.io/, are also applicable in this Privacy Policy.

Didomi warrants that it will collect and process the personal data in compliance with applicable law and regulations, including the General Data Protection Regulation (GDPR).

For any question on this Privacy Policy and Didomi’s personal data policies, Didomi’s Data Protection Officer can be contacted at dpo@didomi.io.

I.Acceptance / Amendment of the Privacy Policy

Acceptance of this Privacy Policy is required to access the Platform and the Services. It applies to all use of the Platform and the Services. The current Privacy Policy is the last one accepted by the User. It is applicable for the entire period of use of the Services by the User, starting from the date of its acceptance. Acceptance of the Privacy Policy is expressed by its validation during registration, via a checkbox for this purpose or an acceptance button.

Didomi reserves the right to change the Privacy Policy at any time, by notifying the User by email or notification at their next login to the Platform. If the User keeps using the Services and the Platform, they will be deemed to have accepted the modified Privacy Policy. If the User does not agree to the modified Privacy Policy, they must delete their Account and stop using the Services and the Platform.


II. Description of the processing

Didomi collects and processes only the personal data necessary to provide access to the Services and the Platform and to ensure their proper performance.

The purpose of the processing is the provision of access to the Services and the Platform, which are the subject of the Terms of Use, and in general, the proper performance of the obligations contained therein.

The User warrants that they have all the rights and consents to provide this personal data.

The categories of persons concerned are the Users of the Platform and the Services, holders of an Account, or, depending on the situation, the employees or service providers of the User.


III. Didomi’s obligations

Didomi agrees to:


IV. Sub-processing

Didomi does not share the personal data with third-parties.

Notwithstanding the above, Didomi uses the following entities (hereinafter the “processor”) to carry out the following activities:  

NAME Amazon Web Services EMEA SARL
ACTIVITY Hosting
COUNTRY EU
LEGAL BASIS FOR TRANSFER N/A
NAME Auth0
ACTIVITY Authorization
COUNTRY US
LEGAL BASIS FOR TRANSFER N/A
NAME Google Ireland
ACTIVITY Statistics
COUNTRY EU
LEGAL BASIS FOR TRANSFER N/A
NAME ACTIVITY COUNTRY LEGAL BASIS FOR TRANSFER
Amazon Web Services EMEA SARL Hosting EU N/A
Auth0 Authorization US N/A
Google Ireland Statistics EU N/A

Didomi is free to add a processor to carry out specific processing activities. Didomi will provide information on its processors and via the following address: https://privacy.didomi.io/ and shall be updated at least each year. If the User does not agree with the change, they may delete their Account and terminate the Service. 

Didomi will ensure that any transfer of personal data outside of the EEA uses one of the available transfer mechanisms such as an adequacy decision or standard contractual clauses.


V. Exercise of the data subjects’ rights

To the greatest extent possible, Didomi shall, by adopting appropriate technical and organizational measures, ensure data subjects the right to exercise of their rights.

Data subjects have the rights detailed in Articles 12 to 23 of the GDPR, and in particular (if applicable to the request) the right of access, rectification, erasure and objection, right to limitation of processing, right to data portability, right not to be subject to an automated individual decision (including profiling).

These rights can be exercised by contacting the Didomi DPO with the relevant details of the request. Didomi may ask for additional information if needed. A response will be provided at the latest within one (1) month from the receipt of the request, free of charge. In case of a request to access the personal data, Didomi will provide a copy of the data subject’s personal data in its possession.


VI. Security measures

Didomi implements appropriate technical and organizational measures in order to guarantee an appropriate security level, taking into account the state of the art, the implementation costs and the nature, scope, context, purposes and associated risks.


VII. Retention

Didomi undertakes to delete all personal data upon deletion of the Account by the User or upon request at any time while the Account exists, except if such data has been anonymized, in which case Didomi may retain it without limitation, or if Didomi is legally required to keep it for a longer period of time, in which case the personal data would be retained for the legal retention period.