II. Description of the processing
Didomi collects and processes only the personal data necessary to provide access to the Services and the Platform and to ensure their proper performance.The nature of the operations performed on the data is limited to:
- Data storage,
- Consultation of data,
- Deletion of data,
- Email address,
- Login password,
- User name automatically generated based on the email address, which can be edited by the User.
The User warrants that they have all the rights and consents to provide this personal data.
The categories of persons concerned are the Users of the Platform and the Services, holders of an Account, or, depending on the situation, the employees or service providers of the User.
III. Didomi’s obligationsDidomi agrees to:
- protect the confidentiality of any personal data processed and protect the personal data from unauthorized access, disclosure, destruction and alteration. Didomi will only disclose the personal data to its employees and Didomi may disclose personal data if requested by an administration or a court, in compliance with applicable laws.
- ensure that the persons authorized to process personal data (i) agree to comply with confidentiality obligations or be subject to an appropriate statutory confidentiality obligation and (ii) receive the necessary training regarding the protection of personal data.
- take into account, as regards its own tools, products, applications or services, the data protection by design and data protection by default principles.
Didomi does not share the personal data with third-parties.
Notwithstanding the above, Didomi uses the following entities (hereinafter the “processor”) to carry out the following activities:
|Name||Activity||Country||Legal basis for transfer|
|Amazon Web Services EMEA SARL||Hosting||EU||N/A|
Didomi is free to add a processor to carry out specific processing activities. Didomi will provide information on its processors and via the following address: https://privacy.didomi.io/ and shall be updated at least each year. If the User does not agree with the change, they may delete their Account and terminate the Service.
Didomi will ensure that any transfer of personal data outside of the EEA uses one of the available transfer mechanisms such as an adequacy decision or standard contractual clauses.
V. Exercise of the data subjects’ rights
To the greatest extent possible, Didomi shall, by adopting appropriate technical and organizational measures, ensure data subjects the right to exercise of their rights.
Data subjects have the rights detailed in Articles 12 to 23 of the GDPR, and in particular (if applicable to the request) the right of access, rectification, erasure and objection, right to limitation of processing, right to data portability, right not to be subject to an automated individual decision (including profiling).
These rights can be exercised by contacting the Didomi DPO with the relevant details of the request. Didomi may ask for additional information if needed. A response will be provided at the latest within one (1) month from the receipt of the request, free of charge. In case of a request to access the personal data, Didomi will provide a copy of the data subject’s personal data in its possession.
VI. Security measures
Didomi implements appropriate technical and organizational measures in order to guarantee an appropriate security level, taking into account the state of the art, the implementation costs and the nature, scope, context, purposes and associated risks.
Didomi undertakes to delete all personal data upon deletion of the Account by the User or upon request at any time while the Account exists, except if such data has been anonymized, in which case Didomi may retain it without limitation, or if Didomi is legally required to keep it for a longer period of time, in which case the personal data would be retained for the legal retention period.