Privacy Policy

Controller

The controller of the personal data processed through donoio.com and donoio.it is:

• Business name: BREDIKHIN VLADIMIR
• Italian VAT number: 12720780969
• Tax code: BRDVDM83T02Z135Q
• Business start date: 10-01-2023
• Activity: software production, code 620100
• Fiscal address: Strada San Donato Rodi, Sanremo (IM), Italy
• Email: support@donoio.com

What data we process

Depending on how you use the service, we process the following categories of data:

• email address, display name and account access data;
• game, wishlist, RSVP, reservation, contribution and invitation data entered by users;
• messages, gift descriptions, links, images uploaded by users and optional contact details;
• technical data such as IP address, browser, device, pages visited, cookies and security logs;
• legal consent records, including consent choices, timestamp, IP address, source domain and document version;
• payment status and transaction identifiers when paid features are used. Card data is processed by payment providers and is not stored by Donoio.

Purposes and legal bases

We process personal data for the following purposes and legal bases under the GDPR:

• to provide accounts, games, wishlists, invitations, email links and reminders: performance of a contract or steps requested before a contract;
• to send service emails, security notices and transactional reminders: performance of the service and legitimate interest in operating it safely;
• to improve the product, prevent abuse, maintain logs and protect the service: legitimate interest;
• to record legal and marketing consent choices: legal obligation, legitimate interest and consent where applicable;
• to process optional marketing or non-essential cookies where enabled: consent;
• to keep accounting and payment records where required: legal obligation.

Recipients and processors

Data may be processed by hosting providers, email delivery providers, analytics providers, payment providers, support tools and technical contractors acting under confidentiality and data processing obligations. Other users may see only the information you intentionally publish inside a game or wishlist, for example a gift idea, reservation status, RSVP answer or public wishlist page.

International transfers

The service may use infrastructure or providers located outside the European Economic Area. Where GDPR requires it, we rely on appropriate safeguards such as contractual data protection commitments, standard contractual clauses, technical access controls and minimisation of the data transferred.

Retention

Account, game and wishlist data is kept while the relevant account, game or wishlist is active and for a reasonable period afterwards so that users can reopen links, manage reservations and resolve support requests. Legal consent records may be kept as evidence of consent and compliance. Security, technical and email delivery logs are kept for limited periods needed for reliability and fraud prevention. Accounting records are kept for the period required by law.

Your rights

You may request access, rectification, erasure, restriction, portability and objection to processing. Where processing is based on consent, you may withdraw that consent at any time without affecting processing that happened before withdrawal. You may contact us at support@donoio.com. You also have the right to lodge a complaint with a competent data protection authority.

Children

Donoio is intended for adults organising events, games and wishlists. We do not knowingly request children to create accounts. If a child participates in a family event, the organiser is responsible for having the necessary authority and for minimising the information entered.

Changes

We may update this policy when the service, providers or legal requirements change. The current version is always available on the foreign-language Donoio domains.