We ("Docomondo", "us", "we", or "our") are committed to protecting your privacy and want you to be secure when visiting the docomondo.com website (hereinafter referred to as the "Website").
This privacy policy (the "Privacy Policy") informs you of our policies regarding the collection, use and disclosure of Personal Data when you use our Website and the choices you have associated with that Data.
By using the Website, you agree to the collection and use of information in accordance with this Policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.
1. Definitions
2. Personal Data We Collect
| Personal Data (or Data) | Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession). |
| Data Subject (or User) | Data Subject is any living individual who is using our Website and is the subject of Personal Data. |
| Data Controller | Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data. |
| Data Processor (or Service Provider) | Data Processor (or Service Provider) means any natural or legal person who processes Personal Data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your Personal Data more effectively. |
When you interact with our Website, we collect specific categories of personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation(EU GDPR). The types of personal data we collect and the legal bases for processing are outlined below.
| Personal Identification Details- Article 6(1)(b) UK GDPR / EU GDPR – Contractual necessity | We collect first and last name and email address, for the purpose of user registration, providing services, and communicating with users. This data is processed based on the contractual necessity of providing the services you have requested. |
| Usage Data- Article 6(1)(f) UK GDPR / EU GDPR – Legitimate interests | We collect technical and usage-related information, including your device type, operating system, browser type, IP address, date/time of access, referring URLs, and pages visited. This data is collected to monitor system performance, ensure the security and integrity of the Website, and analyse user interaction patterns. Our legitimate interest lies in maintaining, optimising, and improving the functionality, security, and user experience of our digital services. |
| Location Data- Article 6(1)(a) UK GDPR / EU GDPR – Consent | We may collect and store location information from your device with your consent. We use this data to provide location-based features, such as personalised content or service recommendations. You can enable or disable location services at any time by adjusting your device settings. |
| Tracking and Cookies Data- Article 6(1)(a) UK GDPR / EU GDPR – Consent (except for strictly necessary cookies) | We use cookies and equivalent tracking technologies (e.g., web beacons, device identifiers, pixels, SDKs) to enhance your user experience, deliver personalised content, and perform analytics. Consent is requested for all non- essential cookies in compliance with the UK Privacy and Electronic Communications Regulations (PECR) and, where applicable, the EU ePrivacy Directive. You may modify your cookie preferences at any time via our Cookie Settings tool. |
| Indirectly Provided Data- Varies depending on context (Articles 6(1) (a), (b), or (f) UK GDPR / EU GDPR) | We may receive information about you from other users (e.g., in support queries mentioning you) or from third-party partners (e.g., analytics providers or advertising networks). Such processing is based on your prior consent, performance of a contract, or our legitimate interests as applicable, and only where such processing complies with applicable data protection laws. |
3. How We Collect Personal Data
We collect information about you when you use our Website, including browsing and taking certain actions within it.
| Means of collection | Explanation | Personal Data collected |
| Directly | ||
| Your use of the Website | We keep track of certain information about you when you visit and interact with our Website. | This information includes the Usage Data (as defined above in the Section 'Personal Data We Collect'). |
| Device and connection information | We collect information about your computer, phone, tablet, or other devices you use to access the Website. | This information includes the Location Data and Usage Data (as defined above in the Section 'Personal Data We Collect'). How much of this information we collect depends on the type and settings of the device you use to access the Website. |
| Cookies and other tracking technologies | We and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognise you across different services and devices. | This information includes the Tracking and Cookies Data (as defined above in the Section 'Personal Data We Collect'). For more information, please refer to our Cookie Policy. |
| Indirectly | ||
| Other users of the Website | Other users of our Website may provide information about you when they submit content through the contact form. | This information includes the Personal Details (as defined above in the Section 'Personal Data We Collect'). For example, you may be mentioned in technical support issue opened by someone else. |
| Other partners | We receive information about you and your activities on and off the Website from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with, our Services and online advertisements. | This information includes the Usage Data and Tracking and Cookies Data (as defined above in the Section 'Personal Data We Collect'). For more information, please refer to the Section 'Service Providers'. |
4. Legal Basis and Purposes
Our legal basis for collecting and using the Personal Data described in this Privacy Policy depends on the Personal Data we collect and the specific purposes for which we collect it:
| Legal Basis | Explanation | Purpose |
| Contract | Data Subject is any living individual who is using our Website and is the subject of Personal Data. |
|
| Consent | We may rely on your freely given consent at the time you provided your Personal Data. | To provide you with news, special offers and general information about goods, services and events which we offer (with your explicit consent). |
| Legitimate interests | We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. |
|
| Public interest | To meet regulatory and public interest obligations. | To maintain records and conduct compliance checks, e.g. anti-money laundering, fraud and crime prevention. |
5. Data Retention
We retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, and to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.
We may also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.
6. Storage And Data Transfers
Your Personal Data may be stored in various locations depending on the nature of the data and yourusage of our Services:
As a data controller, we ensure that all data processors engaged to store or process Personal Data on our behalf are bound by written data processing agreements under Article 28 of the UK and EU GDPR and provide sufficient guarantees to implement appropriate technical and organizational measures
Where Personal Data is transferred outside the UK or European Economic Area (EEA), such transfers are made in accordance with Chapter V of the UK GDPR and EU GDPR. In particular, all core infrastructure providers—Amazon Web Services (AWS), PlanetScale, and Clerk — operate under GDPR-compliant Data Processing Agreements and implement appropriate safeguards.
Please note that we no longer rely on the invalidated EU-U.S. Privacy Shield as a lawful transfer mechanism. Instead, any transfer to U.S.-based processors (such as AWS or Clerk) is subject to the above safeguards and supplemented with additional contractual and technical protections where required.
If you have questions about the location of your Personal Data or would like to request a copy of theapplicable safeguards, you may contact us at privacy@docomondo.com.
7. Data Disclosure And Third Party Transfers
We may disclose your Personal Data in the following circumstances:
Third-Party Service Providers:
We may share your Personal Data with carefully selected third-party service providers who support the operation of our Services and process data on our behalf. These service providers act as data processors under a written contract and are obligated to handle your Personal Data in accordance with our instructions and the requirements set out in Article 28 of the UK GDPR and EU GDPR. These include:
International Data Transfers:
8. Data Security
We take the security of your Personal Data very seriously and have implemented appropriate technical and organisational measures to protect your data against unauthorised access, manipulation, loss, or destruction. These measures include, but are not limited to, encryption, two-factor authentication, firewalls, and secure data storage. Our security measures are regularly reviewed and updated to adapt to technological advancements and evolving security threats.
We ensure that all third-party providers (data processors) with whom we share your Personal Data implement adequate technical and organisational security measures, as required under Article 28 of both the UK GDPR and the EU GDPR.
Where Personal Data is transferred internationally, including to countries outside the United Kingdom or European Economic Area (EEA), we implement appropriate safeguards in accordance with Article 46 of the UK GDPR and EU GDPR. These safeguards include the use of Standard Contractual Clauses(SCCs) approved by the European Commission and, where applicable, the UK International Data Transfer Addendum, alongside other supplementary measures to ensure a level of protection essentially equivalent to that under UK and EU data protection law.
While we implement strong security measures, no method of data transmission over the Internet or electronic storage is completely secure. Therefore, we cannot guarantee the absolute security of your Personal Data. We advise you to protect your system by using up-to-date antivirus software, a spam filter, and a firewall. We are not liable for any unauthorised access or loss of data caused by cyber-attacks such as phishing, malware, or other types of unauthorised access.
The following table of technical and organisational measures describes the steps we have taken to protect your Personal Data:
| Measure | Details | Concrete actions |
| Confidentiality | ||
| Physical access control | No unauthorised access to our facilities. | Keys/magnetic chip cards |
| Electronic access control | No unauthorised use of the Data processing and Data storage systems. |
|
| Internal access contro | No unauthorised reading, copying, changes or deletions of Personal Data within the system. |
|
| Integrity | ||
| Data transfer control | No unauthorised Reading, Copying, Changes or Deletions of Data with electronic transfer or transport. |
|
| Data entry control | Verification whether and by whom personal data is entered into a Data Processing System, is changed or deleted. | Timestamp-based logging is implemented. As only one authorised staff member currently has access, user- specific tracking is not required but will be implemented as user base expands. Confidentiality and accountability are contractually ensured. |
| Availability and resilience | ||
| Availability control | Prevention of accidental or wilful destruction or loss. |
|
| Contract control | No third-party data processing as per Article 28 GDPR without corresponding instructions from the Client. |
|
| Data Protection policies | The processing of Personal Data is guided by binding confidentiality obligations and will be formalised through internal policies | Currently, employees with access to Personal Data are bound by Non- Disclosure Agreements (NDAs). |
The security of your Personal Data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
9. Data Protection Right
Under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), you have several rights in relation to your Personal Data. These rights are outlined below and apply depending on your location and the relevant legal framework governing the processing of your data:
| Right to access (Article 15 UK/EU GDPR) | You have the right to request access to your Personal Data, as well as confirmation of how we are processing it. This includes the right to obtain: –Confirmation that your data is being processed, – A copy of the Personal Data being processed, – Information on the purposes of processing, the categories of data processed, and any third-party recipients of your data. We will respond to your request within one month. In complex cases, this period may be extended by an additional two months in accordance with Article 12(3)UK/EU GDPR, and you will be informed of the extension and the reasons for it. |
| Right to Rectification (Article 16 UK/EU GDPR) | If any of your Personal Data is inaccurate or incomplete, you have the right to request that we correct or complete it. This ensures that the data we hold about you is accurate and up-to-date. We will respond to this request within one month, and if we are unable to rectify your data, we will inform you of the reasons. |
| Right to Withdraw Consent (Article 7 UK/EU GDPR) | If we process your Personal Data based on your consent (e.g., for marketing communications), you have the right to withdraw that consent at any time, and we will stop processing your data for that purpose. This does not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent by contacting us directly at privacy@docomondo.com or by using the unsubscribe link in any email communication. |
| Right to Erasure (Article 17 UK/EU GDPR) | You have the right to request the deletion of your Personal Data in the following circumstances: – When the data is no longer necessary for the purposes for which it was collected, – If you withdraw your consent and we have no other legal basis for processing, – If you object to the processing and there are no overriding legitimate grounds for processing, – If your data has been unlawfully processed, – The data must be erased to comply with a legal obligation under UK or EU law. We will respond to your request within one month, but there may be legal exceptions(e.g., for compliance with a legal obligation), in which case we will inform you of the reasons |
| Right to Restriction of Processing (Article 18 UK/EU GDPR) | You have the right to request that we restrict the processing of your Personal Data in the following circumstances: – If you contest the accuracy of the data (while we verify its accuracy), – If the processing is unlawful but you prefer a restriction to erasure, – If we no longer need the data for processing but you require it for the establishment, exercise, or defence of legal claims, – If you object to the processing (while we assess whether our legitimate interests override your objection). We will respond to this request within one month, and we will notify you once the restriction is lifted |
| Right to Data Portability (Article 20 UK/EU GDPR) | You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format (e.g., CSV, Excel) and to transmit this data to another data controller without hindrance, where the processing is based on your consent or contractual necessity. We will respond to this request within one month. This right applies only to data you have provided to us directly (e.g., through account creation or service usage) and when the processing is carried out by automated means) |
| Right to Object (Article 21) | You have the right to object to the processing of your Personal Data in the following circumstances: – For direct marketing purposes, where you can object at any time without restriction, – When processing is based on legitimate interests or public task, unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. If you exercise the right to object to direct marketing, we will stop processing your data for that purpose immediately. We will respond to this request within one month |
| Right to lodge a complaint with a supervisory authority | You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. |
How to Exercise Your Rights:
If you would like to exercise any of the rights mentioned above, please contact us atprivacy@docomondo.com. We will respond to your request within one month of receipt. In cases involving complex or multiple requests, we may extend this period by an additional two months, in accordance with Article 12(3) of the UK GDPR and EU GDPR, and will inform you of the reasons for the delay. If we are unable to comply with your request, we will provide a clear explanation of the reasons. If you are dissatisfied with how we have handled your request, you have the right to lodge a complaint with the appropriate data protection supervisory authority:
10. Service Providers
We may employ third party companies and individuals to facilitate the operation of our Website ("Service Providers"), provide the Website on our behalf, perform Website-related services or assist us in analysing how our Website is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
| App | Provided by | Function |
| Functional Services Providers | ||
| Webflow | Webflow, Inc. (US) | Website hosting and visual design platform |
| Google Tag Manager | Google LLC (US) | Tag management system enabling deployment of tracking and marketing scripts |
| Marketing Services Providers | ||
| Facebook Pixel | Meta Platforms, Inc. (US) | Tracks user interactions for targeted advertising and conversion tracking |
| Analytics Services Providers | ||
| Google Analytics | Google LLC (US) | Collects and reports anonymised user interaction data for analytics |
| PostHog | PostHog Inc. (UK/US) | Provides session replay, heatmaps, and product analytics |
| Remarketing Services Providers | ||
| Facebook Pixel | Meta Platforms, Inc. (US) | Enables personalised advertising based on previous user interactions |
11. Links to Other Sites
Our Website may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site.
We have no control over and assume no responsibility for the content, privacy policies or practises of anythird-party sites or services.
12. Children’s Privacy
Our Website does not address anyone under the age of 18 ("Children").
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers
13. Changes to This Privacy Policy
We may update our Privacy Policy from time to time.
We will notify you via email and/or a prominent notice on our Website, prior to the change becoming effective and update the effective date at the top of this Privacy Policy, but we encourage you to review this Privacy Policy periodically for any changes.
Changes to this Privacy Policy are effective when they are posted on this page.
14. Language Availability and Legal Interpretation
This Privacy Policy may be provided in multiple languages for the convenience of users across different jurisdictions. In the event of any inconsistency, ambiguity, or conflict between a translated version and the original English version, the English version shall prevail and be deemed the authoritative and legally binding version. We recommend referring to the English version for the most accurate and complete understanding of your rights and our obligations.
If you have any questions regarding the interpretation of this Privacy Policy or require further clarification, please contact us at privacy@docomondo.com.
15. Contact Us
If you have any questions about this Privacy Policy, please contact us at
Panera Tec AG
Im Besch 21
9494 Schaan
Liechtenstein
privacy@docomondo.com
.svg){kind=icon}
