Privacy Notice
Last Updated: 1.5.2026
1. Introductory Information
This Privacy Notice explains how we process your personal data when using our real estate aggregator service.
Personal data processing is governed by:
- Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, hereinafter "GDPR"),
- Act No. 110/2019 Coll., on personal data processing.
2. Data Controller
Data Controller:
Business Name: DEMOLITION SERVICE s.r.o.
Company ID: 14257581
Registered Office: Halasovo náměstí 112/2, Lesná, 638 00 Brno
Email: info@domego.cz
Phone: +420 799 534 542
3. What Personal Data We Process
3.1 Data Provided During Registration
- Email Address – for account creation, login, and sending notifications
- Password – stored in encrypted form to secure the account
- Registration Date – for account records
3.2 Service Usage Data
- Set Search Filters – criteria for monitoring real estate listings (location, property type, price range, area, etc.)
- Notification Preferences – frequency and method of alert delivery
- Search History – to improve result relevance
- Information About Viewed Listings – for service personalization
3.3 Payment Data
- Payment Information – processed exclusively by Stripe Payments Europe, Ltd. (payment gateway provider)
- Billing Information – name, address (if provided), Company ID, Tax ID (for issuing tax documents)
- Payment History – date, amount, payment status
3.4 Technical Data
- IP Address – for service security and abuse prevention
- Device Information – browser type, operating system, screen resolution
- Cookies and Similar Technologies – see Article 10 of this Notice
- Access Logs – date and time of access, pages visited
3.5 Support Communication Data
- Communication Content – emails, chat messages, attached files
- Identification Data – name, email, phone number (if provided)
4. Purpose and Legal Basis of Processing
4.1 Providing Service, Managing User Account
- Legal Basis: Performance of contract (Art. 6(1)(b) GDPR)
- Data Categories: Email, password, search filters, preferences
4.2 Sending Notifications About New Listings
- Legal Basis: Performance of contract (Art. 6(1)(b) GDPR)
- Data Categories: Email, set filters
4.3 Processing Payments, Issuing Tax Documents
- Legal Basis: Performance of contract (Art. 6(1)(b) GDPR) + Legal obligation (Art. 6(1)(c) GDPR)
- Data Categories: Payment data, billing information
4.4 Customer Support, Handling Complaints
- Legal Basis: Performance of contract (Art. 6(1)(b) GDPR) + Legitimate interest (Art. 6(1)(f) GDPR)
- Data Categories: Email, communication content
4.5 Service Usage Analytics, Improving Functionality
- Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR)
- Data Categories: Search history, technical data, analytics data
4.6 Service Security, Fraud Prevention
- Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR)
- Data Categories: IP address, access logs, device information
4.7 Marketing Communications (News, Offers)
- Legal Basis: Consent (Art. 6(1)(a) GDPR)
- Data Categories: Email
4.8 Archiving for Accounting and Tax Purposes
- Legal Basis: Legal obligation (Art. 6(1)(c) GDPR)
- Data Categories: Billing information, payment data
5. Data Retention Period
5.1 User Account Data (Email, Password, Filters)
- Retention Period: Until account deletion by user or termination of agreement
5.2 Inactive Accounts
- Retention Period: 24 months from last activity, then automatic deletion
5.3 Payment and Billing Data
- Retention Period: 10 years from tax document issuance (per Accounting Act)
5.4 Analytics Data (Anonymized)
- Retention Period: No time limit
5.5 Access and Security Logs
- Retention Period: 12 months
5.6 Customer Support Communication
- Retention Period: 3 years from communication end
5.7 Marketing Consents
- Retention Period: Until consent withdrawal
Note: After the retention period expires, personal data is securely deleted or anonymized.
6. To Whom We Disclose Personal Data
Your personal data may be disclosed to the following categories of recipients:
6.1 Processors
Stripe Payments Europe, Ltd.
- Purpose: Processing credit card payments
- Location: Ireland (EU)
- Data Processed: Payment data, billing information
- Legal Basis: Data processing agreement per Art. 28 GDPR
Supabase, Inc.
- Purpose: Database hosting and application infrastructure
- Location: USA (appropriate safeguards apply per GDPR)
- Data Processed: All data stored in database (email, filters, preferences)
- Legal Basis: Data processing agreement per Art. 28 GDPR
PostHog, Inc.
- Purpose: Application usage analytics
- Location: USA (appropriate safeguards apply per GDPR)
- Data Processed: Anonymized usage data (pages visited, clicks, technical data)
- Legal Basis: Data processing agreement per Art. 28 GDPR
Tawk.to
- Purpose: Online chat for customer support
- Location: USA (appropriate safeguards apply per GDPR)
- Data Processed: Name, email, chat conversation content
- Legal Basis: Data processing agreement per Art. 28 GDPR
6.2 Other Recipients
- State Authorities – where required by law (police, courts, tax authority, Czech Trade Inspection)
- Legal Service Providers – lawyers, notaries (in dispute resolution)
- Audit Firms – for accounting and tax audits
6.3 Transfers to Third Countries
Some of our processors (Supabase, PostHog, Tawk.to) are located outside the European Economic Area (mainly in the USA). We transfer personal data to these countries exclusively based on:
- Standard contractual clauses approved by the European Commission,
- European Commission adequacy decisions,
- EU-U.S. Data Privacy Framework certification (where relevant).
6.4 Google User Data
When you sign in using Google, we access the following data via Google OAuth 2.0:
- Email address – used to create and identify your user account
- Name and profile picture – used for display within the application
How we use Google data:
We use this data solely to create and authenticate your user account and to display your name and profile picture within the application. We do not use Google user data for any purpose beyond providing the core service.
How we store Google data:
Your email is stored in our database (hosted by Supabase, Inc.). Your Google profile picture URL may be stored for display purposes. The same security measures described in Section 8 apply to all stored data.
What we do NOT do with Google user data:
- We do not sell Google user data to third parties
- We do not use it for targeted, personalized, or retargeted advertising
- We do not use it to train AI or machine learning models
- We do not share it with data brokers or information resellers
- We do not use it for credit assessment or lending purposes
Limited Use disclosure:
Domego's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Deletion:
You can delete your Google-connected account and all associated data as described in Section 7.3.
7. Your Rights as Data Subject
You have the following rights:
7.1 Right of Access to Personal Data (Art. 15 GDPR)
You have the right to obtain confirmation whether we process your personal data and, if so, right of access to such data and information about its processing.
How to Exercise: By sending a request to email info@domego.cz or through your user account ("My Data" section).
7.2 Right to Rectification (Art. 16 GDPR)
You have the right to rectify inaccurate or incomplete personal data.
How to Exercise: You can correct data directly in your user account or by sending a request to email info@domego.cz.
7.3 Right to Erasure – "Right to be Forgotten" (Art. 17 GDPR)
You have the right to request erasure of personal data if:
- they are no longer necessary for processing purposes,
- you withdraw consent and no other legal basis exists,
- you object to processing,
- data is processed unlawfully,
- required by law.
Limitation: We cannot erase data we must retain by law (e.g., billing information for 10 years).
How to Exercise: By deleting account in Application or sending request to email info@domego.cz.
7.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request restriction of processing if:
- you contest data accuracy (for verification period),
- processing is unlawful but you refuse erasure,
- we no longer need the data but you require it for legal claims,
- you have objected to processing (pending objection resolution).
How to Exercise: By sending a request to email info@domego.cz.
7.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive personal data you provided to us in a structured, commonly used, and machine-readable format (e.g., JSON, CSV).
How to Exercise: By sending a request to email info@domego.cz. We will send you the data within 30 days.
7.6 Right to Object (Art. 21 GDPR)
You have the right to object to processing of personal data based on legitimate interest (especially analytics, marketing).
How to Exercise: By sending a request to email info@domego.cz or unsubscribing from marketing communications via the link in the email.
7.7 Right to Withdraw Consent (Art. 7(3) GDPR)
If we process your personal data based on consent, you may withdraw this consent at any time.
How to Exercise: By sending a request to email info@domego.cz or changing cookie settings in the Application.
7.8 Right to Lodge a Complaint with Supervisory Authority (Art. 77 GDPR)
If you believe that processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority:
Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7
Email: posta@uoou.cz
Web: https://www.uoou.cz
7.9 Processing of Requests
- We process requests without undue delay, at the latest within 30 days of receipt.
- In justified cases (complexity, number of requests), we may extend the period by another 60 days – we will inform you of this.
- We charge no fee for processing requests, unless the request is manifestly unfounded or excessive.
8. Personal Data Security
To protect your personal data, we use the following security measures:
8.1 Technical Measures
- Encryption – data transmission over HTTPS protocol (TLS 1.3), passwords stored in hashed form using bcrypt
- Authentication – secure login system with brute force protection (rate limiting)
- Firewall and Monitoring – attack protection, unusual activity monitoring
- Regular Backups – automatic encrypted database backups
- Updates – regular system updates and security patches
8.2 Organizational Measures
- Access Restriction – personal data accessible only to authorized persons
- Processor Agreements – all processors have agreements per Art. 28 GDPR
- Employee Training – regular training on personal data protection and security
- Incident Plan – procedures for security incident response
8.3 Security Breach Notification
If a personal data security breach occurs that may pose a risk to your rights:
- We will notify the Office for Personal Data Protection within 72 hours of discovery,
- We will inform you without undue delay if high risk to your rights is likely.
9. Automated Decision-Making and Profiling
We currently do not use automated individual decision-making or profiling that would have legal effects or similarly significantly affect you within the meaning of Art. 22 GDPR.
We use algorithms for:
- Search Result Personalization – based on your filters and history (can be disabled in settings),
- Listing Recommendations – based on your preferences (can be disabled in settings).
You can deactivate these features at any time in your user account.
10. Cookies and Similar Technologies
10.1 What Are Cookies
Cookies are small text files stored on your device that allow us to recognize your browser and remember certain information.
10.2 What Cookies We Use
Necessary Cookies (Always Active)
- Purpose: Authentication, security, basic application functionality
- Storage Duration: Session duration or up to 30 days
- Legal Basis: Legitimate interest (service operation)
- Examples: session ID, CSRF token, preferences
Analytics Cookies (Require Consent)
- Purpose: Traffic measurement, user behavior analysis
- Provider: PostHog
- Storage Duration: Up to 12 months
- Legal Basis: Consent
- Data: Anonymized visit statistics, clicks, time on page
Chat Cookies (Require Consent)
- Purpose: Online customer support chat functionality
- Provider: Tawk.to
- Storage Duration: Up to 12 months
- Legal Basis: Consent
- Data: Conversation ID, chat status
10.3 Cookie Management
You can manage cookies:
- In Application: Settings → Privacy → Cookies
- In Browser: Your browser settings (deletion, blocking)
Warning: Disabling necessary cookies may cause malfunction of some Application parts.
10.4 Other Tracking Technologies
- Local Storage / Session Storage – for storing application settings
- Pixels – we do not use third-party remarketing pixels (Facebook, Google)
11. Children's Privacy Protection
Our service is not intended for persons under 18 years of age. We do not knowingly collect personal data from children.
If we discover that we have obtained personal data of a child under 18, we will delete such data immediately.
If you are a parent or legal guardian and believe your child has provided us with personal data, contact us at email info@domego.cz.
12. Changes to Privacy Notice
-
We may periodically update this Notice due to:
- changes in legislation,
- changes in our services or processing procedures,
- introduction of new features.
-
We will inform you about significant changes:
- by email to the address in your account,
- by notification in the application.
-
Changes become effective on the date of publication, unless otherwise stated.
-
We recommend regularly reviewing the current version of this Notice.
13. Contact Information
For privacy-related questions contact:
Data Controller:
Email: info@domego.cz
Postal Address: Halasovo náměstí 112/2, Lesná, 638 00 Brno
Phone: +420 799 534 542
Supervisory Authority:
Office for Personal Data Protection
Pplk. Sochora 27
170 00 Prague 7
Email: posta@uoou.cz
Phone: +420 234 665 111
Web: https://www.uoou.cz
Effective Date of this Notice: 1.5.2026
Version: 1.0