I.Acceptance / Amendment of the Privacy Policy
Acceptance of this Privacy Policy is required to access the Platform and the Services. It applies to all use of the Platform and the Services. The current Privacy Policy is the last one accepted by the User. It is applicable for the entire period of use of the Services by the User, starting from the date of its acceptance. Acceptance of the Privacy Policy is expressed by its validation during registration, via a checkbox for this purpose or an acceptance button.
Didomi reserves the right to change the Privacy Policy at any time, by notifying the User by email or notification at their next login to the Platform. If the User keeps using the Services and the Platform, they will be deemed to have accepted the modified Privacy Policy. If the User does not agree to the modified Privacy Policy, they must delete their Account and stop using the Services and the Platform.
II. Description of the processing
Didomi collects and processes only the personal data necessary to provide access to the Services and the Platform and to ensure their proper performance.
- Data storage,
- Consultation of data,
- Deletion of data,
The purpose of the processing is the provision of access to the Services and the Platform, which are the subject of the Terms of Use, and in general, the proper performance of the obligations contained therein.
- Email address,
- Login password,
- User name automatically generated based on the email address, which can be edited by the User.
The User warrants that they have all the rights and consents to provide this personal data.
The categories of persons concerned are the Users of the Platform and the Services, holders of an Account, or, depending on the situation, the employees or service providers of the User.
III. Didomi’s obligations
Didomi agrees to:
- process the data only for the sole purpose(s) set out in the Terms of Use and the Privacy Policy.
- protect the confidentiality of any personal data processed and protect the personal data from unauthorized access, disclosure, destruction and alteration. Didomi will only disclose the personal data to its employees and Didomi may disclose personal data if requested by an administration or a court, in compliance with applicable laws.
- ensure that the persons authorized to process personal data (i) agree to comply with confidentiality obligations or be subject to an appropriate statutory confidentiality obligation and (ii) receive the necessary training regarding the protection of personal data.
- take into account, as regards its own tools, products, applications or services, the data protection by design and data protection by default principles.
IV. Sub-processing
Didomi does not share the personal data with third-parties.
Notwithstanding the above, Didomi uses the following entities (hereinafter the “processor”) to carry out the following activities:
| NAME | Amazon Web Services EMEA SARL |
|---|---|
| ACTIVITY | Hosting |
| COUNTRY | EU |
| LEGAL BASIS FOR TRANSFER | N/A |
| NAME | Auth0 |
|---|---|
| ACTIVITY | Authorization |
| COUNTRY | US |
| LEGAL BASIS FOR TRANSFER | N/A |
| NAME | Google Ireland |
|---|---|
| ACTIVITY | Statistics |
| COUNTRY | EU |
| LEGAL BASIS FOR TRANSFER | N/A |
| NAME | ACTIVITY | COUNTRY | LEGAL BASIS FOR TRANSFER |
| Amazon Web Services EMEA SARL | Hosting | EU | N/A |
| Auth0 | Authorization | US | N/A |
| Google Ireland | Statistics | EU | N/A |
Didomi is free to add a processor to carry out specific processing activities. Didomi will provide information on its processors and via the following address: https://privacy.didomi.io/ and shall be updated at least each year. If the User does not agree with the change, they may delete their Account and terminate the Service.
Didomi will ensure that any transfer of personal data outside of the EEA uses one of the available transfer mechanisms such as an adequacy decision or standard contractual clauses.
V. Exercise of the data subjects’ rights
To the greatest extent possible, Didomi shall, by adopting appropriate technical and organizational measures, ensure data subjects the right to exercise of their rights.
Data subjects have the rights detailed in Articles 12 to 23 of the GDPR, and in particular (if applicable to the request) the right of access, rectification, erasure and objection, right to limitation of processing, right to data portability, right not to be subject to an automated individual decision (including profiling).
These rights can be exercised by contacting the Didomi DPO with the relevant details of the request. Didomi may ask for additional information if needed. A response will be provided at the latest within one (1) month from the receipt of the request, free of charge. In case of a request to access the personal data, Didomi will provide a copy of the data subject’s personal data in its possession.
VI. Security measures
Didomi implements appropriate technical and organizational measures in order to guarantee an appropriate security level, taking into account the state of the art, the implementation costs and the nature, scope, context, purposes and associated risks.
VII. Retention
Didomi undertakes to delete all personal data upon deletion of the Account by the User or upon request at any time while the Account exists, except if such data has been anonymized, in which case Didomi may retain it without limitation, or if Didomi is legally required to keep it for a longer period of time, in which case the personal data would be retained for the legal retention period.