Privacy Policy

Last updated: 15.12.2025

This Privacy Policy explains how personal data is collected, processed, used, and protected in connection with the use of the Dovinio platform (the “Platform”).

1. Data Controller

1.1 The data controller within the meaning of Regulation (EU) 2016/679 (“GDPR”) and applicable Romanian law is:

INNO HOLDING & CONSULTANCY SERVICES SRL
CUI: 46675065
Registration No.: J40/16082/2022
EUID: ROONRC.J40/16082/2022
Registered Address:
Str. Col. Constantin Blaremberg 4–6, Et. 1, Ap. 2A
011879 Bucharest, Sector 1, Romania
1.2 The Controller operates the Platform as a technology-only service provider.

2. Scope of Application

2.1 This Privacy Policy applies to:

• visitors of the Platform;
• registered users;
• Vendors and sub-vendors;
• resellers and partners;
• any individual whose personal data is processed in connection with Platform use.

2.2 This Privacy Policy applies regardless of the User’s location, subject to mandatory local data protection laws.

3. Nature of the Platform and Data Responsibility

3.1 Dovinio is a multi-vendor, multi-tenant technology platform.
3.2 Vendors act as independent data controllers with respect to personal data of their customers, prospects, or business partners.
3.3 Dovinio is not a joint controller with Vendors within the meaning of Article 26 GDPR.
3.4 Dovinio does not control, verify, or supervise Vendor data processing activities.

4. Categories of Personal Data Processed

4.1 The Platform may process the following categories of personal data:

a) Account Data

• name or business name
• email address
• login credentials (encrypted)
• role and account type

b) Technical and Usage Data

• IP address
• device information
• browser type and version
• operating system
• access times and logs

c) Communication Data

• messages sent via Platform tools
• support requests

d) Vendor-Provided Data

• data uploaded by Vendors about their offerings or customers, processed solely as a technical service provider

4.2 Payment data (such as credit card numbers or bank details) is not stored or processed by Dovinio.

5. Purposes and Legal Bases of Processing

5.1 Personal data is processed for the following purposes:

a) provision and operation of the Platform
b) user authentication and access control
c) technical security and fraud prevention
d) legal compliance and regulatory obligations
e) customer support and communication

5.2 Legal bases for processing include:

• performance of a contract (Art. 6(1)(b) GDPR);
• compliance with legal obligations (Art. 6(1)(c) GDPR);
• legitimate interests (Art. 6(1)(f) GDPR), in particular platform security and integrity;
• consent, where explicitly obtained (Art. 6(1)(a) GDPR).

6. Data Processing on Behalf of Vendors

6.1 Where Dovinio processes personal data uploaded by Vendors, such processing is carried out solely as a data processor within the meaning of Article 28 GDPR.

6.2 The Vendor remains fully responsible for:

• lawfulness of data collection;
• information obligations towards data subjects;
• responding to data subject requests.

6.3 A separate Data Processing Agreement (DPA) governs such processing relationships.

7. International Data Transfers

7.1 The Platform may use hosting providers, content delivery networks, or service providers located inside or outside the European Union.

7.2 Where personal data is transferred outside the EU/EEA, such transfers are carried out in accordance with:

• adequacy decisions of the European Commission; or
• standard contractual clauses; or
• other appropriate safeguards under GDPR.

8. Data Retention

8.1 Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected.

8.2 Data may be retained longer where required by:

• legal obligations;
• accounting or tax laws;
• the establishment, exercise, or defense of legal claims.

9. Data Subject Rights

9.1 Data subjects have the following rights under GDPR:

• right of access;
• right to rectification;
• right to erasure;
• right to restriction of processing;
• right to data portability;
• right to object to processing;
• right to withdraw consent at any time.

9.2 Requests may be submitted using the contact details of the Controller.

10. Security Measures

10.1 Dovinio implements appropriate technical and organizational measures to protect personal data, including:

• access controls;
• encryption;
• secure hosting environments;
• regular system monitoring.

10.2 No system can be guaranteed to be completely secure.

11. Cookies and Similar Technologies

11.1 The Platform may use cookies and similar technologies necessary for:

• technical operation;
• security;
• performance optimization.

11.2 Non-essential cookies are used only where legally permitted or with user consent.

12. Third-Party Services

12.1 The Platform may integrate third-party services (e.g. payment providers, analytics tools).

12.2 Dovinio is not responsible for the privacy practices of third parties.

13. Children’s Data

13.1 The Platform is not intended for use by individuals under the age of 18 unless permitted by applicable law and with appropriate consent.

14. Global Availability and Local Law

14.1 The Platform is available worldwide.

14.2 Users are responsible for ensuring compliance with applicable local data protection and privacy laws in their jurisdiction.

15. Changes to this Privacy Policy

15.1 Dovinio may update this Privacy Policy at any time.

15.2 Continued use of the Platform after publication of changes constitutes acceptance of the updated Privacy Policy.

16. Supervisory Authority and Complaints

16.1 Data subjects have the right to lodge a complaint with the competent supervisory authority, in particular in:

• Romania; or
• the EU Member State of their habitual residence.

17. Governing Law

17.1 This Privacy Policy is governed by the laws of Romania, supplemented by applicable EU data protection law.