GDPR Compliance & Your Data Rights
DomuHq s.r.o. (IČO: 23641550) is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and Czech data protection laws. This page explains your rights under GDPR and how to exercise them when using the DomuHQ platform
Quick Reference: YOUR GDPR RIGHTS
Under GDPR, you have the following rights:
| Right | What it means | How to exercise it |
|---|---|---|
| Right of Access | Get a copy of your personal data | Request Access |
| Right to Rectification | Correct inaccurate data | Update Profile or Email Us |
| Right to Erasure | Delete your personal data | Delete Account |
| Right to Restriction | Limit how we use your data | Request Restriction |
| Right to Data Portability | Get your data in portable format | Download Data |
| Right to Object | Stop certain types of processing | Object to Processing |
| Right to Withdraw Consent | Cancel consent-based processing | Profile > Preferences > Notifications, or email privacy@domuhq.cz |
| Right to Lodge a Complaint | File a complaint with authorities | File Complaint |
| Rights Regarding AI | Contest automated decisions | Challenge AI Decisions |
Contact for GDPR Inquiries
Response Time: 30 days (may extend to 90 days for complex requests)
1. Right of Access (GDPR Article 15)
You have the right to confirm processing, obtain a copy of your personal data, and receive info on how it’s used, shared, and retained.
- Option 1: Self-Service Download (Fastest)
- –Log in to your DomuHQ account
- –Go to Profile > Data & Security > Download My Data
- –Select categories (All, Profile, Messages, Listings, etc.)
- –Click Request Download
- –Receive an email with a secure download link within 24–48 hours
- –Format: JSON or PDF (your choice)
- Option 2: Submit a GDPR Request
- –Use the GDPR Rights Page: domuhq.cz/gdpr OR
- –Email privacy@domuhq.cz with subject “GDPR Access Request”
- –Include: name + account email, what data you want (or “all personal data”), and proof of identity if requested
- What You’ll Receive (Data Package)
- –Account info: name, email, phone, DOB, registration date
- –Profile data: bio, photos, assessment results, preferences
- –Activity history: searches, viewed profiles, requests, matches
- –Messages: copies sent/received
- –Listings: created listings (Hosts)
- –Payment history: subscriptions, transactions
- –Verification data: status and date (not copies of ID docs)
- –Processing info: purposes, categories, recipients, retention periods, your rights
Cost: first request free; subsequent requests within 6 months may incur a reasonable administrative fee.
2. Right to Rectification (GDPR Article 16)
You can correct inaccurate personal data and complete incomplete data.
- Option 1: Update Directly (Recommended)
- –Profile > Manage Profile
- –Edit: name, bio, photos, lifestyle preferences, contact info, location
- –Click Save Changes
- Option 2: Request Correction
- –For data you can’t edit (e.g., verification status, assessment results):
- –Email privacy@domuhq.cz with subject “Data Rectification Request”
- –Include: what’s wrong, what it should be, supporting docs if applicable
Response time: 30 days. We may verify identity before sensitive corrections.
3. Right to Erasure (Right to be Forgotten) (GDPR Article 17)
You can request deletion when data is no longer needed, consent is withdrawn, you object with no overriding grounds, processing was unlawful, or deletion is legally required.
- Option 1: Delete Your Account (Recommended)
- –Profile > Data & Security
- –Scroll to Delete Account
- –Review what will be deleted
- –Click Delete My Account and confirm password
- –You’ll receive a confirmation email
- Option 2: Submit Erasure Request
- –Email privacy@domuhq.cz
- –Subject: “GDPR Erasure Request”
- –Include: account email + reason for deletion
- What Happens When You Delete
- –Deleted within 7 days: access terminated, profile hidden, listings removed, squad memberships terminated
- –Deleted within 30 days: name, email, phone, photos, profile info, assessment responses, search/activity logs; anonymization applied
- What May Be Retained (Legal Exceptions)
- –Financial records: 10 years (Czech accounting law)
- –Verification data: 5 years (AML/KYC)
- –Legal disputes: until resolved + limitation periods
- –Messages you sent: retained in recipients’ inboxes (their copies)
- –Reviews: may be anonymized (author removed, content kept)
- –Backups: deleted data may persist up to 90 days
We may refuse deletion where required by law, for legal claims, for expression (e.g., public reviews), or to protect other users’ legitimate interests.
4. Right to Restriction of Processing (GDPR Article 18)
You can temporarily restrict processing if you contest accuracy, processing is unlawful (prefer restriction), we no longer need it but you need it for legal claims, or you object pending verification of grounds.
- How to Exercise
- –Email privacy@domuhq.cz
- –Subject: “GDPR Restriction Request”
- –Include: account email, what to restrict, and the reason
- What Happens During Restriction
- –We store data securely
- –We do NOT process it except with your consent, for legal claims, or to protect others
- –We inform you before lifting restriction
- –You can still access and view your data
Response time: 30 days.
5. Right to Data Portability (GDPR Article 20)
You can receive data you provided in a structured, commonly used, machine-readable format (JSON/CSV) and transmit to another provider where feasible. Applies to consent/contract processing done by automated means.
- Self-Service Download
- –Profile > Data & Security > Download My Data
- –Choose JSON or CSV
- –Select categories (profile, assessment responses, messages—your copies, listings, transaction history)
- –Receive link within 24–48 hours
- Manual Request
- –Email privacy@domuhq.cz
- –Subject: “Data Portability Request”
- –Specify format (JSON/CSV) and categories
- Included vs Not Included
- –Included: account details, profile info/photos, questionnaire answers, preferences, messages you sent, your listings, subscription/payment history
- –Not included: compatibility scores (derived), other users’ data, internal IDs/metadata
Response time: 30 days.
6. Right to Object (GDPR Article 21)
You can object to processing based on legitimate interests or public interest. Direct marketing objection is absolute (we stop immediately).
- To Object to Marketing (Immediate)
- –Click Unsubscribe in any marketing email
- –Profile > Preferences > Notifications > Disable Marketing Communications
- –Email privacy@domuhq.cz with “Unsubscribe from Marketing”
- To Object to Other Processing
- –Email privacy@domuhq.cz
- –Subject: “GDPR Objection”
- –Include: what processing you object to + your reason (e.g., AI training, analytics, profiling)
- What Happens After You Object
- –Marketing: processing stops immediately
- –Other processing: we stop unless we show compelling legitimate grounds overriding your rights, or it’s needed for legal claims
Response time: 30 days.
7. Right to Withdraw Consent (GDPR Article 7(3))
You can withdraw consent at any time. Withdrawal does not affect prior lawful processing. Some features may be disabled.
- Processing Based on Consent (Examples)
- –Marketing and promotional emails
- –Optional sensitive/extra data (e.g., health data for accessibility matching)
- –Non-essential cookies and analytics
- –Precise GPS location tracking
- –Non-essential third-party sharing
- How to Withdraw (Self-Service)
- –Profile > Preferences > Notifications (toggle off Marketing Communications), or email privacy@domuhq.cz for other consents
- –Toggle off specific consents (marketing, analytics cookies, location tracking, optional sharing)
- –Save changes
- How to Withdraw (Email)
- –Email privacy@domuhq.cz
- –Subject: “Withdraw Consent”
- –Specify which consent(s) you’re withdrawing
- Effect of Withdrawal
- –Marketing: no promo emails (transactional emails still send)
- –Location: GPS stops; results may be less accurate
- –Optional features: disabled until you re-enable consent
Response time: immediate (self-service); within 7 days (email requests).
8. Right to Lodge a Complaint (GDPR Article 77)
You can file a complaint with the supervisory authority if you believe your data rights were violated.
- Czech Supervisory Authority (ÚOOÚ)
- –Website: uoou.cz
- –Address: Pplk. Sochora 27, 170 00 Prague 7, Czech Republic
- –Phone: +420 234 665 111
- –Email: posta@uoou.cz
- How to File
- –Visit uoou.cz → Complaints (Stížnosti)
- –Submit online form/email/post with: your contact, description, steps taken, desired outcome
- –Acknowledgment: within 30 days; investigation may take 60–90 days
- EU Residents (Outside Czech Republic)
- –You may also complain in your country of residence, work, or where the alleged violation occurred.
- We Encourage Direct Resolution First
- –Email privacy@domuhq.cz (we respond within 30 days)
- –You can still file a complaint anytime (no need to contact us first)
9. Rights Regarding AI and Automated Decisions (GDPR Article 22)
You have the right not to be subject to solely automated decisions with legal or similarly significant effects.
- How DomuHQ Uses AI
- –Personality matching (compatibility scores)
- –Content moderation (detecting prohibited content)
- –Fraud detection
- –Listing optimization recommendations
- –DomuBot AI customer support
- Your AI Rights
- –Right to know (AI disclosed; DomuBot labeled as AI)
- –Right to human review (especially bans/verification rejections)
- –Right to explanation (logic, significance, consequences within proprietary limits)
- –Right to contest AI decisions
- How to Exercise AI Rights
- –Email privacy@domuhq.cz
- –Subject: “AI Decision Review Request”
- –Include: account email, the AI decision (flag/score/restriction), why incorrect, and desired outcome
- –Response times: urgent (account restrictions/safety) within 7 days; standard within 30 days
- AI Fairness and Non-Discrimination
- –If you believe AI discriminated: email privacy@domuhq.cz or support@domuhq.cz
- –Subject: “AI Bias Complaint”
- –Investigation within 7 days; human review; model correction if bias confirmed
- Opting Out of Non-Essential AI
- –Email privacy@domuhq.cz with subject 'AI Opt-Out Request'
- –Toggle off: AI listing optimization, personalized recommendations, advanced analytics
- –Note: core AI (matching, moderation, fraud detection) cannot be opted out (essential).
10. Children’s Privacy Rights (Under 16)
- –Under 16 requires parental consent to use DomuHQ.
- –Parent/guardian can exercise all GDPR rights on the child’s behalf.
- –We may request proof of consent/guardianship.
- –If a child uses DomuHQ without consent: contact us; we delete the account within 7 days.
Email privacy@domuhq.cz with subject “Parental Rights Request” and provide proof of guardianship.
11. Data Breach Notification
If a breach poses high risk, we notify you without undue delay (typically within 72 hours) via email and/or in-app notification.
- What We Provide
- –Nature of breach and affected data
- –Approximate number of users affected
- –Likely consequences
- –Measures taken to address the breach
- –Steps you can take (change password, monitor accounts)
- What We Do
- –Contain breach; stop unauthorized access
- –Notify ÚOOÚ within 72 hours (GDPR Art. 33)
- –Investigate scope/cause and remediate
- –Notify affected users if high risk
- –Assist users where appropriate
- What You Should Do
- –Change password immediately
- –Enable two-factor authentication (if available)
- –Monitor for suspicious activity
- –Contact privacy@domuhq.cz with questions
12. International Data Transfers
You have the right to know which countries receive your data, what safeguards apply, and how to obtain copies (e.g., SCCs).
- Where We Transfer Data
- –Primary storage: EEA (AWS EU-Frankfurt, AWS EU-Ireland). DomuHQ does not use Google Cloud.
- –Non-EEA transfers are limited: Stripe (payments) and Anthropic (AI) may process data in the US under Standard Contractual Clauses. Google Analytics uses IP anonymization.
- –Safeguards: Standard Contractual Clauses (SCCs) approved by the EU Commission
- –Adequacy countries: UK, Switzerland, Canada, Japan (examples listed)
- Request Transfer Information
- –Email privacy@domuhq.cz
- –Subject: “International Transfer Information Request”
- –We provide: list of countries, safeguards, copies of relevant SCCs
Response time: 30 days.
13. Exercising Multiple Rights
You can exercise multiple rights in one request (we’ll process each and reply in one communication).
- –Email privacy@domuhq.cz
- –Subject: “GDPR Multiple Rights Request”
- –List each right and what you want (e.g., access + name correction + delete old messages).
Response time: 30 days for combined requests.
14. Identity Verification
We may verify identity before processing sensitive requests (access, sensitive rectification, deletion) to protect against unauthorized disclosure.
- Methods
- –Email confirmation code
- –Account login confirmation
- –Photo ID for highly sensitive requests (deleted after verification)
- We Will NOT
- –Ask for payment info to verify identity
- –Request more information than necessary
- –Delay responses unreasonably due to verification
15. Fees and Charges
- Generally Free
- –First access request
- –Rectification
- –Deletion
- –All other GDPR rights
- We May Charge a Reasonable Fee If
- –Request is manifestly unfounded or excessive
- –Request requires disproportionate effort (e.g., archived manual retrieval)
- Fee Range (Typical)
- –Based on administrative cost
- –Typically €10–50 for excessive requests
- –You’ll be informed before processing; you can withdraw request
- We Will NEVER Charge For
- –Your first access request
- –Rectification of inaccurate data
- –Deletion of your account
- –Withdrawing consent or objecting to processing
16. Response Times
- –Standard: 30 days from receipt of a complete request
- –Extension: +60 days (total 90) for complex/high-volume requests (we inform you within first 30 days)
- –Priority: urgent safety issues 7 days; account restrictions 7–14 days; marketing opt-out immediate (self-service) or 3 days (email)
If verification is needed, the clock pauses until you provide the required information.
17. Refusal of Requests
We may refuse or restrict requests where legally justified.
- –Manifestly unfounded or excessive requests
- –Legal obligation to retain data (e.g., accounting records)
- –Necessary for legal claims/defense
- –Freedom of expression/information (e.g., public reviews)
- –Other users’ legitimate interests in shared data (e.g., messages you sent)
If we refuse: we inform you within 30 days, explain why, and inform you of your right to complain to ÚOOÚ and seek judicial remedy. Partial compliance applies where possible.
18. Contact Information for Data Rights
Email & Requests
Postal Address
Supervisory Authority
19. Updates to This Page
- –This page may be updated due to GDPR interpretation/enforcement changes, new rights tools, or regulator/user feedback.
- –Version: 1.1
- –Last Updated: April 1, 2026
- –Previous versions available upon request: privacy@domuhq.cz
Summary: Quick Action Guide
- Download my data
- –Profile > Data & Security > Download My Data
- Update my profile
- –Profile > Manage Profile
- Delete my account
- –Profile > Preferences > Danger Zone > Delete Account
- Stop marketing emails
- –Click “Unsubscribe” in any email
- Manage cookie preferences
- –Cookie consent popup (clear browser cookies to reset)
- Withdraw consents
- –Profile > Preferences > Notifications (toggle off Marketing Communications), or email privacy@domuhq.cz for other consents
- Challenge AI decision
- –Email privacy@domuhq.cz — Subject: “AI Review”
- File a complaint
- –Contact ÚOOÚ at uoou.cz
Questions? Email privacy@domuhq.cz — we respond within 30 days.