Log inRegister
DOMAN s.r.o. · Legal Documents

Privacy Policy

Effective: 1 April 2026

Summary

We are DOMAN s.r.o. and we operate the platform photoselect.app, where photographers upload albums and their customers select photos for printing, canvas prints, and 3D lamp orders. We collect only the data necessary for the service to function — name, email, phone, photographs, and order data. We do not store payment card data. We respect your rights under the GDPR and you can contact us at any time at mdfoto.sk@gmail.com.

1. Controller

1.1. The controller of personal data is:

DOMAN s.r.o.

Ulica Funduše 1165/26, 951 17 Cabaj-Čápor, Slovakia

Company ID: 47912383

Tax ID: 2024140217

VAT ID: SK2024140217 (registered under §7a from 22.4.2015)

Registered in the Commercial Register of the District Court Nitra, section: Sro, insert no.: 37856/N

E-mail: mdfoto.sk@gmail.com

Web: photoselect.app

1.2. The company has not appointed a Data Protection Officer (DPO) — it does not meet the conditions for mandatory appointment under Art. 37 GDPR. The contact person for data protection matters is the company's managing director, available at: mdfoto.sk@gmail.com.

2. Purpose and Legal Basis for Processing

2.1. We process personal data for the following purposes on the following legal bases:

Purpose of ProcessingCategories of DataLegal Basis (GDPR Art.)
Registration and user account managementName, surname, email, phone, password (hashed)Art. 6(1)(b) — performance of contract
Login and authenticationEmail, JWT tokens, session dataArt. 6(1)(b) — performance of contract
Management of photo albumsPhotographs, album name, album metadataArt. 6(1)(b) — performance of contract
Order processing (print, canvas, 3D lamps)Order data, delivery method, address, notes, payment statusArt. 6(1)(b) — performance of contract
Sending transactional emails (verification, password reset, confirmations)Email addressArt. 6(1)(b) — performance of contract
Operating the photographer platform (SaaS)Photographer data, settings, price list, customersArt. 6(1)(b) — performance of contract
Platform administration and securityAccess logs, IP addressesArt. 6(1)(f) — legitimate interest
Compliance with legal obligationsInvoicing and accounting dataArt. 6(1)(c) — legal obligation

3. Categories of Personal Data

3.1. Account data: first name, last name, email address, phone number, hashed password (Argon2).

3.2. User role: photographer (business tenant), customer (end user), administrator.

3.3. Photographs and albums: photographs uploaded by photographers, watermarked thumbnails, original files, album metadata (name, price list, number of photos, order status).

3.4. Order data: print orders (formats 10x15, 13x18), canvas orders (30x45, 60x40, 90x60, 120x80 cm), 3D lamp orders (4 photos per lamp), delivery method (pickup/post), delivery address, customer notes, payment status (cash/bank transfer).

3.5. Payment data: we track payment status (unpaid, paid by cash, paid by transfer). We do not process payment card data and do not store card numbers.

3.6. Technical data: JWT authentication tokens stored in the browser's localStorage, language preferences (SK/EN).

3.7. Email communication: verification emails, password reset emails, order confirmations, album selection summaries.

4. How We Collect Personal Data

4.1. We collect personal data directly from data subjects:

  • a) when registering an account,
  • b) when creating and managing orders,
  • c) when uploading photographs (in the case of photographers),
  • d) when communicating by email.

4.2. For customers of photographers, the photographer may enter basic customer data (name, email, phone) when inviting them to the system.

5. Photographers' Position Under GDPR

5.1. The DOMAN s.r.o. platform operates on a multi-tenancy model. Photographers register as independent business users and manage their own customers, albums, and orders.

5.2. DOMAN s.r.o. acts as controller with respect to data necessary for the operation of the platform (account data, technical data, payment data).

5.3. With respect to customer photographs and data processed by a photographer for their business purposes, the photographer may act as an independent controller or as a joint controller together with DOMAN s.r.o. The specific position depends on the nature of the relationship between the photographer and their customer.

5.4. Photographers are obliged to inform their customers about the processing of their personal data through the platform and to ensure the appropriate legal basis for such processing.

5.5. DOMAN s.r.o. ensures technical and organisational separation of data between individual photographers — each photographer has access exclusively to data belonging to their own customers.

6. Recipients and Processors

6.1. Personal data may be disclosed to the following categories of recipients:

  • a) Hosting provider: Contabo GmbH, Welfenstraße 22, 81541 Munich, Germany (EU/EEA member) — data storage and server operation.
  • b) Email service provider (SMTP): Webglobe, a.s., Stará Prievozská 1349/2, 821 09 Bratislava, Company ID: 52 486 567 — sending transactional emails.
  • c) Public authorities: in cases required by law.

6.2. We do not transfer personal data to third countries outside the European Economic Area (EEA), unless otherwise stated. In the event of a transfer outside the EEA, we will ensure appropriate safeguards in accordance with Chapter V of the GDPR.

6.3. We do not sell personal data to third parties for marketing purposes.

7. Storage of Photographs and File Access

7.1. Photographs uploaded by photographers are stored on DOMAN s.r.o. servers. Upon upload, the following are automatically created:

  • a) watermarked copies with the photographer's settings,
  • b) reduced thumbnails for display in the gallery.

7.2. Both original photographs and thumbnails are stored on the server and accessible via direct URLs. These files are not protected by additional authentication at the URL level — anyone who knows the exact file address can access them. Security is ensured by the unpredictability of file and album names.

7.3. The photographer is responsible for informing their customers about the conditions of storage and access to photographs.

8. Retention Periods

8.1. We retain personal data for as long as necessary to fulfil the purpose for which it was collected:

Category of DataRetention Period
Account data (active account)For the duration of the account
Account data (inactive account)2 years from last login
Photographs and albums12 months from album lock, or until earlier deletion by photographer
Order data10 years (pursuant to applicable accounting legislation)
Authentication tokens (JWT)Access token: 15 minutes; Refresh token: 1 year (or until logout)
Email communication (logs)1 year
Photographer trial accounts30 days from registration + 6 months from expiry of trial period

8.2. After the retention period expires, data will be securely deleted or anonymised.

9. Rights of Data Subjects

9.1. Under the GDPR, you have the following rights:

  • a) Right of access (Art. 15) — you have the right to obtain confirmation as to whether your personal data are being processed, and if so, to access them.
  • b) Right to rectification (Art. 16) — you have the right to have inaccurate personal data corrected.
  • c) Right to erasure (Art. 17) — you have the right to request erasure of your personal data once the purpose of processing has ceased.
  • d) Right to restriction of processing (Art. 18) — you have the right to request restriction of processing in specified cases.
  • e) Right to data portability (Art. 20) — you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • f) Right to object (Art. 21) — you have the right to object to processing based on legitimate interests.
  • g) Right to withdraw consent (Art. 7(3)) — where processing is based on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing before the withdrawal.

9.2. You may exercise your rights by sending a request to: mdfoto.sk@gmail.com

9.3. We will respond to your request without undue delay, within 30 days of receipt at the latest.

9.4. You have the right to lodge a complaint with the supervisory authority — Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, www.dataprotection.gov.sk.

10. Security of Personal Data

10.1. We take appropriate technical and organisational measures to protect personal data, in particular:

  • a) passwords are stored exclusively in hashed form (Argon2 algorithm),
  • b) communications are encrypted via HTTPS (TLS),
  • c) authentication uses RS256 JWT tokens with limited validity,
  • d) photographer data is mutually separated (multi-tenancy isolation),
  • e) access to administrative functions is restricted to authorised persons,
  • f) impersonation (logging in on behalf of a user) is permitted only to administrators and photographers with respect to their own customers, exclusively for technical support purposes.

11. Cookies and localStorage

11.1. The platform does not use third-party tracking cookies.

11.2. For authentication and preferences, we use localStorage in the browser, where we store:

  • a) access token (JWT) — mdfoto_token,
  • b) refresh token — mdfoto_refresh,
  • c) language preferences (SK/EN).

11.3. These items are necessary for the proper functioning of the service and do not require separate consent under Art. 5(3) of the ePrivacy Directive (they are technically necessary).

12. Age Restriction

12.1. The service is intended for persons aged 16 and over. Persons under 16 may use the service only with the consent of a legal guardian.

12.2. We do not knowingly collect personal data of persons under 16. If we discover that we have collected data of a person under 16 without parental consent, we will delete it without delay.

13. Automated Decision-Making and Profiling

13.1. Processing of personal data does not involve automated decision-making including profiling within the meaning of Art. 22 GDPR.

14. Changes to the Privacy Policy

14.1. We may update this policy from time to time. We will notify you of significant changes by email or by announcement on the platform.

14.2. The current version is always available at photoselect.app.

15. Contact

15.1. If you have any questions regarding data protection, please contact us:

DOMAN s.r.o.

E-mail: mdfoto.sk@gmail.com

Web: photoselect.app