Privacy Policy
Effective Date: May 16, 2025
Data Controller: Web Impact LLC, d/b/a DOMINEXT
Contact: privacy@dominext.co
1.1 Purpose
This Privacy Policy explains how DOMINEXT collects, uses, stores, and protects your personal data in compliance with the General Data Protection Regulation (GDPR), Wyoming law, and other applicable regulations.
1.2 Date We Collect
- Personal Data: Name, email address, shipping address, phone number (if provided), purchase history, and account credentials.
- Seller Data: KYC verification data (e.g., government ID, business registration) collected via third-party providers.
- Payment Data: Payment information (e.g., card details) collected and processed by third-party payment providers. DOMINEXT does not store payment card details.
- Preference Data: Information provided through questionnaires, product recommendation tools, surveys, or user interactions including but not limited to personal preferences, interests, lifestyle choices, sexuality, sexual preferences, and other personal attributes that may be used for product recommendations or to enhance user experience.
- Technical Data: IP address, device type, browser type, operating system, and usage data collected via analytics tools.
- User Content: Reviews, ratings, and listing descriptions.
1.3 How We Use Data
- Order Processing: To facilitate transactions, communication, and payment processing.
- Platform Improvement: To analyze usage patterns and optimize functionality.
- Legal Compliance: To meet tax, anti-fraud, or other regulatory obligations.
- Marketing: To send promotional materials (with consent, where required).
- Fraud Prevention: To detect and prevent fraudulent activities.
- AI-Driven Recommendations: To train our artificial intelligence systems to personalize and recommend products and content.
1.4 Legal Basis for Processing (GDPR)
- Consent (Article 6(1)(a)): For marketing emails or certain cookies.
- Contract Performance (Article 6(1)(b)): To process orders and provide Platform services.
- Legal Obligation (Article 6(1)(c)): To comply with tax or KYC requirements.
- Legitimate Interests (Article 6(1)(f)): To improve the Platform, prevent fraud, or analyze usage.
1.5 Data Sharing
- Third-Party Providers: We share data with payment processors, KYC providers, hosting providers (ScalaHosting), and analytics tools (Google Analytics, Hotjar).
- Sellers/Buyers: Buyer data (e.g., shipping address) is shared with sellers to fulfill orders.
- Legal Authorities: We may disclose data to comply with legal obligations or respond to lawful requests.
- No Sale of Data: DOMINEXT does not sell personal data to third parties.
1.6 Cross-Border Transfers
- Data may be transferred outside the European Economic Area (EEA) to third-party providers. We ensure GDPR-compliant safeguards, such as Standard Contractual Clauses (SCCs) or adequacy decisions.
- For transfers to the U.S., we rely on the EU-U.S. Data Privacy Framework (if applicable) or SCCs.
1.7 Data Retention
- Personal data is retained only as long as necessary for the purposes outlined (e.g., transaction completion, legal compliance).
- Account data is deleted within 60 days of account closure, unless required for legal purposes.
- Purchase history is retained for 7 years to comply with tax obligations.
- Where permitted by law, we may anonymize certain data rather than delete it completely. Properly anonymized data (where the information can no longer be associated with an identifiable individual) may be retained indefinitely for analytical, statistical, and platform improvement purposes.
1.8 User Rights (GDPR)
You have the right to:
- Access your personal data.
- Rectify inaccurate data.
- Erase data (subject to legal obligations).
- Restrict or object to processing.
- Data portability.
- Withdraw consent – To exercise these rights, contact privacy@dominext.co. We will respond within 30 days.
You may also lodge a complaint with a supervisory authority (e.g., in Germany, the Bundesbeauftragte für Datenschutz und Informationsfreiheit; in the Netherlands, the Autoriteit Persoonsgegevens).
- Data Storage and Transfers
Your personal data is stored on secure servers managed by our hosting provider, Scala Hosting. The servers are physically located in the United States.
- Our agreement with Scala Hosting includes appropriate data processing terms to ensure the security and confidentiality of your personal data. Scala Hosting acts as our data processor and only processes your data according to our documented instructions.
- In some cases, your data may be transferred to and processed in countries outside your region of residence. For transfers from the European Economic Area to countries not deemed to provide an adequate level of data protection, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.
- We have implemented appropriate technical and organizational measures to protect your personal data during any transfer, and we conduct regular data protection impact assessments to ensure compliance with applicable regulations.
1.9 Cookies and Analytics
- Cookies: We use essential cookies for session management and functionality, and non-essential cookies for analytics and marketing (with consent).
- Tools: Google Analytics and Hotjar collect anonymized usage data to improve user experience.
- Management: Users can manage cookie preferences via the cookie banner or browser settings.
2.0 Children
The Platform is not intended for users under 18. We do not knowingly collect data from minors. If discovered, such data will be deleted immediately.
2.1 Data Protection Officer (DPO)
As our EU user base grows, we will appoint a DPO or EU representative. For now, GDPR inquiries can be directed to privacy@dominext.co.
2.2 Security
We implement comprehensive technical and organizational measures in accordance with Article 32 of the GDPR and the German Federal Data Protection Act (BDSG) to protect your personal data, including:
- Encryption: All data in transit is protected using TLS 1.3 encryption protocols, and sensitive stored data is encrypted at rest using AES-256 encryption.
- Access Controls: We employ strict role-based access controls, two-factor authentication, and regular access review procedures to ensure only authorized personnel can access personal data.
- System Security: Our systems are protected by enterprise-grade firewalls, intrusion detection systems, and regularly updated security software.
- Data Minimization: We collect and retain only the data necessary for the specified purposes, implementing data minimization principles by design.
- Regular Security Audits: We conduct periodic security assessments and vulnerability scans to identify and remediate potential weaknesses.
- Employee Training: All staff members receive regular data protection and security awareness training.
- Incident Response Plan: We maintain a documented security incident response procedure to quickly address any potential data breaches, including notification protocols compliant with GDPR Article 33 requirements.
- Vendor Management: We verify that our service providers, including Scala Hosting, maintain appropriate security certifications and comply with our security requirements through contractual safeguards.
Despite these measures, no system can guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and the appropriate supervisory authorities as required by applicable law.