Last updated: March 2026
The data controller responsible for your personal data is:
BazaDomu
Slovak Business ID (IČO): 56125496
E-mail: [email protected]
Website: bazadomu.com
We collect and process personal data only for specific, explicit purposes. The table below lists each data type, why we use it, and the legal basis under GDPR Art. 6.
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| E-mail address | Account registration, authentication, and service-related notifications (e.g. password reset, account security alerts) | Performance of a contract (Art. 6(1)(b)) | Until account deletion, plus up to 30 days for deletion processing |
| First and last name | Identifying you as an author of content you publish on the site | Performance of a contract (Art. 6(1)(b)) | Until account deletion; may be retained as part of published content - see Section 7 |
| Phone number | Optional: identity verification and account security (two-factor authentication or phone-based login) | Consent (Art. 6(1)(a)) - provided voluntarily; may be withdrawn at any time | Until removed from your profile or account deletion |
| IP address | Security monitoring, detection of unauthorised access and abuse | Legitimate interests (Art. 6(1)(f)) - protecting the site and its users | Up to 12 months in server logs |
| Browser language (User-Agent) | Displaying the site in your preferred language | Legitimate interests (Art. 6(1)(f)) - improving user experience | Not stored; processed on each request only |
| Session cookie (PHPSESSID) | Maintaining your login session while you are on the site | Strictly necessary - no consent required under ePrivacy Directive | Until browser session ends or logout |
| Authentication token (cookie) | Keeping you logged in across sessions ("remember me") | Performance of a contract (Art. 6(1)(b)) | Up to 30 days, or until logout |
| Cookie consent record | Storing your acknowledgement of this policy to avoid repeated prompts | Legitimate interests (Art. 6(1)(f)) | Up to 12 months |
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
When you log in via Google or Facebook, the respective service shares with us only the minimum data you authorise: your name and e-mail address. We do not receive or store any other data from these providers. The provider will ask for your explicit permission before sharing anything.
These providers process your data under their own privacy policies and may transfer data to servers outside the European Economic Area. Such transfers are subject to the Standard Contractual Clauses approved by the European Commission, ensuring an adequate level of protection.
We use the following trusted third parties to operate the service. Each acts as a data processor under a written agreement:
No data is sold or shared with third parties for marketing purposes.
You have the following rights regarding your personal data. To exercise any of them, contact us at [email protected]. We will respond within 30 days.
When you delete your account, we delete your personal data within 30 calendar days. See our Data Deletion Policy for a full description of what is deleted and what may be retained.
If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the data protection authority in your country of residence:
We encourage you to contact us first so we can address your concern directly.
We may update this policy as the service evolves. For changes that affect how we use data collected on the basis of consent, we will notify you by e-mail before the change takes effect. For other changes, the updated policy will be published on this page. The date at the top of this page indicates when it was last revised.
For any questions about this privacy policy or your personal data, contact us at [email protected].