Welcome to DOMEUM platform s.r.o. We are fully aware that when using our services, especially the electronic construction diary application, you entrust us with sensitive data. Your trust is key to us, and therefore we approach personal data protection with maximum seriousness, transparency, and in full compliance with applicable legislation.
This document explains who we are, what data we collect about you, why we do it, how we protect it, and what rights you have. These Policies apply to the use of the website www.domeum.cz (hereinafter "Website") and our software platform for construction project management (hereinafter "Application" or "Platform").
1Who is the controller of your data?
The controller of personal data, i.e., the entity that determines the purposes and means of processing, is the company:
DOMEUM platform s.r.o.
- ID: 24035921
- VAT: CZ24035921
- Registered office: Borušov 45, 571 01 Borušov, Czech Republic
- Commercial Register: File No. C 55757 kept at the Regional Court in Hradec Králové
- Statutory body: Jan Vorčák and Ing. Otakar Hobza, Managing Directors
(hereinafter "Controller", "DOMEUM" or "we")
If you have any questions regarding privacy protection or wish to exercise your rights, you can contact us:
- By email: info@domeum.cz
- Data box: smn5mh8
- By mail: At the registered office address
Due to the scope and nature of our activities, we have not appointed a Data Protection Officer (DPO), however, data protection supervision is carried out directly by the company management in cooperation with the legal and IT department.
2What data do we process and for what purposes?
The scope of processed data varies depending on whether you are a visitor to our Website, a user of our Application, or our business partner.
A. You are a website visitor
When simply browsing our Website, we process the following data about you:
Technical data (Logs)
IP address, device type, browser version, operating system, access time, referrer (where you came from).
- Purpose: Ensuring technical functionality of the Website, cybersecurity, protection against attacks (DDoS), error diagnostics.
- Legal basis: Our legitimate interest (Art. 6 para. 1 lit. f) GDPR) in ensuring secure and functional operation.
Cookies and analytics
Information about your behavior on the Website (pages you visit, time spent on page).
- Purpose: Traffic analysis to improve the Website, marketing and ad targeting.
- Legal basis: Your consent (Art. 6 para. 1 lit. a) GDPR), which you give through the cookie banner. This consent is completely voluntary and you can revoke or change it at any time in the cookie settings.
B. You are interested in our services (Inquiry form / Newsletter)
If you contact us through the form or subscribe to the newsletter:
Contact details
First name, last name, email, phone, company name.
- Purpose: Processing your inquiry, sending a price quote, arranging a demo of the Application.
- Legal basis: Pre-contractual negotiations (Art. 6 para. 1 lit. b) GDPR) at your request.
Marketing data
Email address for sending the newsletter.
- Purpose: Informing about news, legislative changes in construction, and Platform features.
- Legal basis: Your consent (Art. 6 para. 1 lit. a) GDPR) if you are not our client. If you are our client, we may send you commercial communications based on legitimate interest (so-called customer exception under § 7 of Act No. 480/2004 Coll.) until you unsubscribe.
C. You are a registered user of the Application (Client)
To provide the electronic construction diary service, we process:
Identification and billing data
First name, last name, address, ID, VAT, bank details.
- Purpose: Concluding a license agreement, creating a user account, invoicing services, accounting.
- Legal basis: Performance of contract (Art. 6 para. 1 lit. b) GDPR) and fulfillment of legal obligation (Art. 6 para. 1 lit. c) GDPR) arising from tax and accounting regulations.
Authentication data
Login email, password (stored exclusively as a cryptographic hash, never in readable form), optionally phone number for two-factor authentication (2FA).
- Purpose: Secure login to the system and protection of your account.
- Legal basis: Performance of contract (ensuring service security).
Operational data in the Application
Activity logs (who, when and what was recorded/edited/deleted), geolocation data when making an entry (if the feature is activated to verify presence at the construction site).
- Purpose: Ensuring integrity of the construction diary, audit trail of changes, fraud prevention.
- Legal basis: Legitimate interest of both us and the Client in the verifiability of construction documentation and performance of contract.
3Important notice: Role of DOMEUM as Processor
It is essential to distinguish between data that we manage (see above) and data that you enter into the Application as part of managing construction projects.
If you enter personal data of third parties into the electronic construction diary (e.g., employee names, subcontractor data, photos of people at the construction site), you (the Client) act as the Controller of this data and DOMEUM platform s.r.o. acts as the Processor.
In this relationship, processing is governed by the Data Processing Agreement (DPA), which is an integral part of our General Terms and Conditions. As Processor, we commit to:
- Process this data only based on your instructions.
- Ensure technical and organizational security of this data.
- Maintain confidentiality.
- Not use this data for our own purposes (e.g., marketing).
4How long do we retain data?
We do not retain your personal data longer than is strictly necessary to fulfill the purpose for which they were collected, or for the period required by law.
| Data type | Retention period |
|---|---|
| Data in active user account | For the duration of the contractual relationship |
| Construction diary (Archival) | 10 years from the issuance of the occupancy permit or completion of construction (per § 166 of Act No. 283/2021 Coll.) |
| Accounting documents | 10 years from the end of the tax period |
| Marketing data | Until consent is revoked, max. 3 years from last interaction |
| Technical logs and backups | 30 to 90 days |
5Who do we share data with?
Your personal data is safe with us. We do not sell it to any third parties. However, to ensure the operation of the Platform, we use services of verified partners (sub-processors) who provide us with partial activities:
- IT infrastructure and cloud providers: Your data is stored on secure servers in data centers within the European Union (e.g., Microsoft Azure, AWS, or local providers in the Czech Republic), which meet the strictest certifications (ISO 27001).
- Communication and marketing tools: For email distribution, we use specialized services (e.g., Ecomail, Mailchimp), which have access only to your email and name.
- Analytical tools: Google (Google Analytics 4) – only in anonymized form and with consent.
- External advisors: Accounting firm, legal representatives, IT specialists – all are bound by legal or contractual confidentiality obligations.
- State authorities: If required by the Police of the Czech Republic, court, or administrative authority (e.g., Building Authority) in accordance with the law, we must provide them with the requested data.
6Data transfers outside the EU
We primarily process data within the European Union (EU) and the European Economic Area (EEA). If we use services of partners from third countries (e.g., USA), we ensure that an adequate level of protection is guaranteed.
Such transfers are always covered either by a European Commission adequacy decision (e.g., EU-US Data Privacy Framework) or standard contractual clauses (SCC) supplemented by a transfer impact assessment (TIA).
7Security first
As an operator of the construction diary, we are aware of the value of stored data. We have implemented robust security measures:
- Encryption: All communication between your device and our servers takes place via encrypted HTTPS protocol (TLS 1.2/1.3). Sensitive data (passwords) are hashed in the database.
- Backup: Data is regularly backed up and backups are stored in a geographically separate location to prevent data loss in case of physical disaster.
- Access control: Only authorized employees who need data for their work have access, based on the "need-to-know" principle.
- Attack protection: We use firewalls, WAF (Web Application Firewall), and monitoring tools to detect suspicious activity.
8Your rights under GDPR
Under the GDPR regulation, you have a number of rights against us. We respect them and try to accommodate you as soon as possible (within 30 days at the latest).
- Right of access (Art. 15 GDPR): You have the right to know what data we process about you and to obtain a copy. Most of this data is available directly in your profile in the Application.
- Right to rectification (Art. 16 GDPR): If your data is outdated or incorrect, you have the right to have it corrected immediately.
- Right to erasure (Art. 17 GDPR): You can request deletion of your personal data. Note: This right is not absolute. We cannot delete data that we must retain by law (e.g., construction diary archival).
- Right to restriction of processing (Art. 18 GDPR): If you question the accuracy of data or the lawfulness of processing, you can request temporary "freezing" of data.
- Right to data portability (Art. 20 GDPR): You have the right to obtain your data in a structured, machine-readable format (e.g., JSON, XML, CSV).
- Right to object (Art. 21 GDPR): You have the right to object to processing based on legitimate interest (e.g., direct marketing).
- Right to lodge a complaint: If you feel that we are not handling your data correctly, you have the right to lodge a complaint with the Office for Personal Data Protection (Pplk. Sochora 27, 170 00 Prague 7).
9Cookies and Consent Mode
Our website uses cookies. In accordance with legislation in force in 2026, we use the so-called Opt-in mode.
- Necessary (Technical) cookies: Are always active because the Website would not function without them. We do not need consent for their use.
- Analytical and Marketing cookies: Are disabled by default. They are activated only if you click the "I agree" or "Allow all" button in our cookie banner.
- Google Consent Mode v2: We use an advanced consent mode from Google, which ensures that if you do not give consent, Google services (Analytics, Ads) will not store any identifiers.
You can change your cookie settings at any time by clicking the "Cookie settings" link in the footer of our Website.
10Changes to the Policy
We may change these policies over time to reflect changes in our Application or in legislation. The current version will always be available on this page. We will inform you about significant changes by email or notification in the Application.