Here, we will explain how we collect, use and protect your personal data once you accept “Terms of Service use” and start using our Services. We will also explain what rights you have with regards to your personal data and how you can exercise those rights.

The terms used in this Privacy Policy have the same meaning as in our “Terms of Service use”, unless otherwise defined in this Privacy Policy.

We collect and process personal data in accordance with the provisions of EU GDPR. As Croatia is an EU member state, the General Data Protection Regulation (GDPR) is directly applicable.

Data controller

“Domzis” is the data controller. That means that “Domzis” determines the purpose of data collection and processing.

Our registered office address is:

DOMZIS d.o.o.
Karadjordjeva 120
14000 Valjevo

fully represented by CEO Zoran Dovecer.

Data Protection Officer (DPO)

We are not obligated to have a designated Data Protection Officer (DPO) because we don’t process your sensitive private information, but we have data privacy protection in mind at every step, according to GDPR “privacy protection by default”.

How and what user’s data we collect. What we use it for.

There are a couple of groups of data that we collect, which differ in nature and processing purpose.

Log data

We collect and store user’s Log data in the process of your registration to our Services through Android or Apple identification system. The Log data include (which we receive from Google or Apple system):

  • Full name;
  • Email address;
  • Language preference;
  • Profile picture;
  • In addition to that, there are technical Log data when you login to Domzis app, such as your device Internet Protocol “IP” address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service. We consider those technical data as our legitimate interest when distributing our Services through a specific European Service distribution partners.
Personal information

We may require you to provide us with your personal information that are necessary for specific Services to work. The basic personal information include:

  • Full name
  • Address, city, country
  • Phone number
Service-specific data

Some example of data from this group:

  • Your delivery address data, e.g. if you order physical goods;
  • Your payment data, e.g. if you decide to pay for ordered goods and services;
  • Your current Internet Protocol (“IP”) address,

Precise GPS location e..g. if you decide to make an order that requires it (e.g. taxi service).

Data Protection Impact Assessment (DPIA)

According to the Data Protection Impact Assessment DPIA, estimated risk and consequences of an eventual data privacy leak is low.

Retention period

The retention period is 90 days from the day of conclusion of our services (e.g. if you have used the product ordering and paid services, your data will be retained longer depending on the specific legal obligations of each country).

After that period, we will send you an email and offer the options to delete a part, or all of your data, or to choose to have your data kept in our system for easier future use of our Services.

Sharing your personal data

We share necessary user’s data with our Service distribution partners due to the following reasons:

  • To facilitate our Service;
  • To provide the Service on our behalf;
  • To perform Service-related services; or
  • To assist us in analyzing how our Service is used.

We will not share your information with third-parties for the purposes that are not mentioned here.

Data processors

Our Service distribution partners are considered as Data processors. A Data processor is a company that processes someone’s personal data on behalf of the Controller.

We rely on the Data processors who assist in the service delivery, and therefore we have mandatory Data Processing Agreements (DPA) signed with them that regulate information security, personal data protection and confidentiality.

This means that our Data processors cannot use your personal data for any undefined purpose, or share it with any other organisation apart from us.

  • Hosting service: “Loopia”, Serbia – “Loopia” is a hosting company (infrastructure processor). Our web servers, SMTP service and backups are hosted within Loopia Virtual Private Servers VPS.
  • Database service: For database we are using “Google Firebase”. Firebase is a set of cloud-based development tools that helps mobile app developers build, deploy and scale their apps.
  • Accounting service: “PaySpot doo”, Novi Sad, Serbia – Payment transactions and remittances.

Cookie policy

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers.

While you are browsing the website anonymously, we store certain cookies to your browser depending on your explicit consent (selection one or more of the following: “necessary”, “preference”, “statistical” and “marketing” cookies). These cookies contain no personal data.

Cookies in our website

we use consent management platform “Cookie Bot”, Denmark. It does not collect, store or process any personal data. Therefore, under the EU General Data Protection Regulation Article 28. they are not a data processor. It scans the web site on a periodical basis and automatically generates a transparent “Cookie policy” page, where you can find all details regarding your cookie consent. Consent log report is anonymized on their servers in EU certified by ISO 27001.

For more information about cookies and retention time you can find on page “Cookie policy“.

Cookies in the app

Our app service does not use these cookies explicitly. However, the app may use third-party code and libraries that use cookies to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

Links to other websites

This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us.

Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Children’s privacy

These Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13 years of age. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do the necessary actions.

Information security

We value your trust in providing us your personal information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

We have adopted physical, technical, and administrative measures that are designed to prevent unauthorized access or disclosure, maintain data accuracy, and ensure appropriate use of personal information.

  • We have signed separate “Data Processing Agreements” (DPA) with data processors that regulate information security, personal data protection and confidentiality.
  • Cloud based solutions are located in EU in controlled facilities which have limited access in.
  • We limit access to the information in our IT system to only those with a business reason to do so.
  • The app stores your password encrypted, so no one except you can see that.
  • When we transmit confidential or sensitive information over the internet, we protect it using encryption and other safeguards, unless you request or authorize otherwise.
  • We will never ask you for your sensitive personal information in an unsolicited email or phone call.

Your rights as a data subject

Your rights are as follows:

The right to be informed

As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy policy and any related communications we may send you.

The right of access

You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requester, we will provide access to the personal data we hold about you as well as the following information:

  • The source of the personal data (directly, or from third-party)
  • The categories of personal data concerned
  • The purposes of the processing
  • The retention period or envisioned retention period for that personal data
  • The recipients to whom the personal data has been disclosed
The right to rectification (correction)

If your personal data are inaccurate or incomplete, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.

The right to erasure (the "right to be forgotten")

Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. We will take all reasonable steps to ensure erasure.

The right to restrict processing

You may ask us to stop processing your personal data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
The accuracy of the personal data is contested.

  • Processing personal data is unlawful.
  • We no longer need personal data for processing, but personal data is required for part of a legal process.
  • The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
The right to data portability

This right is only available if the original processing was based on a consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.

The right to object

You have the right to object to our processing of your data where:

  • Processing is based on legitimate interest.
  • Processing is for the purpose of direct marketing.
  • Processing involves automated decision-making and profiling.

Your request

If you are concerned about your privacy, or you would like to exercise your rights as the Data subject, please fill the PDF form “Personal data access request” that you can download from here, and send to

To process your request, we are legally obligated to ask you to provide two valid non-contradictory forms of identification for verification purposes.

Be aware that it takes up to 30 days to send to you a complete answer.

Data protection authority

In case that you believe you cannot exercise your right in communication with us, we are obligated to inform you that you have a right to complain to the Croatian personal data protection agency:

Agencija za zaštitu osobnih podataka | AZOP
Selska cesta 136
10 000 Zagreb, Croatia
Phone: +385 (0)1 4609-000

Change of the privacy policy

If there are any changes in how we use your private data, notification by email will be made to those affected by the change. Any changes to our privacy policy will be posted on our website 30 days prior to these changes taking place.

Last updated: the 22. March 2024.