GDPR Consent Form & Data Processing Information for Donum
Part A: For Shop/Merchant Registration
Data Controller: [Your Shop/Business Name]
As a Merchant ("Shop") using the Donum platform, you are the Data Controller for the personal data you collect from your customers through your loyalty program. This means you determine the purposes and means of processing this customer data. Donum acts as a Data Processor on your behalf for this specific data.
To use the Donum platform, we require you to provide certain business information.
1. Data We Collect from Shops
- Business Information: Your shop's name, address (optional), contact email, and phone number.
- Authentication Data: Donum uses Clerk (a third-party authentication service) to securely manage user logins and account access. Clerk's processing of authentication data (like your login credentials) is governed by its own privacy practices and compliance frameworks. Clerk is certified under major data protection standards, and you can review its GDPR compliance commitment at https://clerk.com/dpa.
- Transaction & Loyalty Data: Data generated through your use of the service, such as stamp issuance times and reward redemptions.
2. Purpose & Legal Basis for Processing Shop Data
| Data Category |
Purpose of Processing |
Legal Basis (GDPR Art. 6) |
| Business Information |
To create and manage your account, provide customer support, and issue invoices. |
Contractual Necessity (1(b)): Required to provide you the service. |
| Authentication Data |
To secure your account and authenticate your login. |
Contractual Necessity (1(b)) and Legitimate Interest (1(f)) in securing our platform. |
| Transaction Data |
To provide the core service (stamp tracking, analytics dashboard) and improve our platform. |
Contractual Necessity (1(b)) and Legitimate Interest (1(f)) in service improvement. |
3. Merchant Consent Declaration
By registering as a Merchant, you confirm that:
- You have read and agree to our Terms & Conditions and Privacy Policy.
- You understand your role as a Data Controller for your customers' data.
- You agree to comply with all applicable data protection laws (including GDPR) in the operation of your loyalty program.
By using Donum services, you agree to these terms. By registering and using the Donum platform, you confirm that you have the authority to represent your business, and you accept the data processing practices described above and in Donum's Privacy Policy.
Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can request that we correct inaccurate or incomplete data.
- Right to Erasure: You can request deletion of your personal data under certain circumstances.
- Right to Restriction of Processing: You can request that we limit how we use your data.
- Right to Data Portability: You can request a copy of your data in a machine-readable format.
- Right to Object: You can object to processing based on legitimate interests.
To exercise any of these rights, please contact us at contact@donum.dk.
Data Retention
We retain your business data for as long as your account is active and for a reasonable period thereafter as required by law or for legitimate business purposes. Upon account deletion, your data will be permanently removed from our systems within 90 days, except where we are legally required to retain it.
Data Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or misuse. This includes encryption, secure authentication via Clerk, and regular security audits.
Contact Information
For questions about data processing, privacy, or to exercise your GDPR rights, please contact:
Dodo Soft - CVR: 46219805
Email: contact@donum.dk
Phone: +45 55 20 11 50