Privacy Policy for the users of the website Didomi.io
Last update: December 2025
This privacy policy may be updated to reflect changes in Didomi’s practices or applicable legislation. We therefore recommend that you review it regularly — you can easily check the latest update date at the top of the document.
In this policy, the terms “we,” “our,” or “us” refer to the company Didomi SAS, located at 137 Boulevard de Sébastopol, 75002 PARIS.
Preamble
Didomi’s services are aimed at professionals who wish to respect the protection of personal data through the use of Didomi’s services de Didomi. Didomi therefore attaches particular importance to the processing, confidentiality and security of your personal data.
The purpose of this privacy policy is to inform you in a clear, simple, and comprehensive manner about the processing carried out on your personal data, as well as the rights you can exercise to control your personal information and protect your private life while you interact with our website.
When providing our consent management solutions to our clients, we do not use your data, cookies, or trackers for purposes other than providing our services. Specifically, we do not engage in cross-domain tracking or use your information for advertising purposes when delivering our services to our clients.
For informational purposes, personal data is any information regarding a physical person who is identifiable or can be identified, directly of indirectly, by reference to an identification number or one or more elements that are specific to him or her, such as surname, name, date of birth, customer or order number, photo, etc…
Identity and contact details of the data controller
Didomi, a simplified joint-stock company, whose headquarter is located at 137 Boulevard de Sébastopol in Paris, registered with the Paris RCS under the number B 831 722 756, is responsible for processing your personal data collected on the website www.didomi.io, and when using our services, within the meaning of the regulations applicable to personal data and in particular the EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”).
Purpose of processing, legal basis and personal data collected
Below, you will find the purposes of processing for which we process your personal data, as well as each legal basis for processing and the categories of personal data collected.
Please note: The data concerning the End users of Didomi’s customers, processed by Didomi for its own purposes, consists of aggregated anonymized data that does not allow for the re-identification of users.
We collect the data you provide to us:
• Identity data
• Professional contact information
• Business information
• Social network data (Linkedin account URL)
• Other information voluntarily shared with Didomi
• Communication preferences
• Customer interaction history
• Consent choices
We also collect technical data:
• Login data
• Language used for communications
• Customer ID
• Timestamp
Personal data retention duration
For the purposes of processing mentioned above, we collect the personal data of our customers’ employees (in particular, their professional email address). This data is stored for the duration of the contract agreed on with our customers, except if a specific request is done.
As far as the personal data of prospects is concerned, it is stored for the duration indicated at the time of collection or for the duration of the applicable legal requirement.
Categories of recipients of your personal data
Your personal data is processed by Didomi’s employees. We ensure that only the authorised employees within Didomi can access your personal data when necessary for carrying out their mission and in order to manage our commercial relationship or to achieve our legitimate interest.
We may also be required to share your personal data with our sub processors:
• Our service providers supplying client relation management tools,
• Our service providers supplying prospect’s telephoning management tools,
• Our social media provides,
• Our service providers supplying productivity tools and cloud computing for professionals,
• Our service providers supplying a tool allowing to view and manage data in the Didomi console,
• Our service providers supplying a tool to plan, prepare and follow external meetings,
• Our service providers supplying a data visualization tool for analysts,
• Our service providers supplying a tool for hosting our online events and registering for said events,
• Our service providers supplying email and electronic communication solutions.
If you consent to advertising purposes via our Consent Management Platform, we will use pseudonymized data to interact with third parties (such as social networks or search engines) for the optimization and efficient operation of our online services, web presence, and email communications, as well as to measure and assess the effectiveness of marketing or retargeting campaigns.
Finally, Didomi may be required to share your data with third parties to satisfy legal, regulatory, contractual obligations, or to respond to questions from legal authorities.
Personal data transfers outside the EEA
Certain recipients of your personal data could be outside the European Economic Area or in countries deemed adequate by the European Commission.
These data transfers will be carried out with appropriate safeguards, including contractual safeguards (such as adequacy decisions or the European Commission’s Standard Contractual Clauses), technical safeguards (such as Privacy Enhancing Technologies) and organizational (such as data compartimentalization and access management), in compliance with applicable data protection regulations.
Your rights regarding your personal data
According to the applicable regulation, in particular the GDPR, you have the right to access and rectify your personal data, as well as the right to request its erasure, to oppose their processing for legitimate reasons and to obtain their limitation or portability to the applicable extent.You also have the right to formulate specific or general indications concerning the storage, erasure and communication of your data post-mortem.
These rights can be exercised directly with the DPO of Didomi by email at the address dpo@didomi.io or by post at the following address:
DIDOMI SAS
A l’attention du DPO - Délégué à la protection des données
137 boulevard de Sébastopol 75002 PARIS
You can at any time ask to no longer receive our communications relating to our products and services, our newsletter and our events by using the hypertext link provided for this purpose in every email that we send you or by visiting the Didomi Preference Center by clicking here.
You also have the right to lodge a complaint with the CNIL if you are not satisfied with our responses. You can do so here.
Contact details of our Data Protection Officer
For any question related to the collection and processing of your data by Didomi, you can contact our data protection officer by email at the following address dpo@didomi.io.
Modification of the personal data protection policy
This personal data protection policy may be modified according to changes in Didomi’s practices and applicable legislation. This is why we advise you to consult it regularly, you can easily check the last update at the top of the document.
Consumers located in the USA (for example in California, Virginia, Colorado, Utah, and/ or Connecticut) will find below the additional information required by the law.
Categories of source from which the personal data is collected.
The personal information is collected by Didomi mainly directly from its customers or prospects. However, Didomi can also collect personal information from suppliers who provide solutions that allow companies like Didomi to find phone numbers and email addresses, including via Linkedin.
Categories of personal information that Didomi has shared to third parties in the last 12 months.
Firstly, please note that Didomi does not sell any of the personal information it collects. Moreover, Didomi also does not share your data for cross-context behavioural advertising purposes with any third party.
Didomi does not sell or share personal information of consumers under 16 years of age.
Information about the use or disclosure of sensitive information
Didomi does not use or disclose sensitive personal information as defined by the California Privacy Right Act.
Your rights regarding your personal information
According the privacy laws, you have different rights regarding your personal information :
• The right to know what personal information Didomi has collected about you,
• The right to delete personal information that Didomi has collected from you, subject to certain exceptions
• The right to correct inaccurate personal information that Didomi maintains about you,
• The right to opt-out of Didomi sharing your personal information,
• The right not to receive discriminatory treatment by the Didomi for the exercise of privacy rights conferred by the law.
As mentioned above in this privacy policy, you can exercise the different rights described here in above by writing an email to dpo@didomi.io or sending your request to the following address :
DIDOMI SAS
A l’attention du DPO - Délégué à la protection des données
137 Boulevard de Sébastopol 75002 PARIS
Nothing in this policy contradicts the following statement: Didomi does not utilize data collected through the domain privacy-center.org in a third-party context (including IP addresses and user identifiers) for any purpose not directly related to managing consent preferences, including the use and sharing of such data to enable tracking of particular users or devices by other services.