Privacy Policy
How we collect, use, and protect your personal data
DOVMA Digital is committed to handling your personal data with care and transparency. This policy explains what we collect, why we collect it, and the rights you have over your information. It applies to prospective clients, newsletter subscribers, and anyone visiting our site.
1. Who is Responsible for Your Data
The data controller for all personal data collected through this website is:
- DOVMA Digital
- Yaoundé, Cameroon
- Email: hello@dovmadigital.com
- Phone / WhatsApp: +49 157 57890197
- Website: dovmadigital.com
If you have any questions about how we handle your data, or if you want to exercise any of your rights, please contact us directly at the email address above. We will respond within 30 days.
2. What Data We Collect
Contact and inquiry forms
When you submit a request through our contact form, we collect the information you provide:
- Full name and email address (required for all inquiries)
- Phone number and location (country, city)
- Company name, website URL, and social media links (optional)
- Service category of interest and project details
- Budget indication (optional)
- Your message
- WhatsApp opt-in preference
Booking and scheduling
When you book a discovery call, we collect your name, email address, phone number, service interest, and chosen date and time. We use this information to confirm your booking, create a Google Calendar event, and generate a Google Meet link for the call.
Newsletter
If you subscribe to our newsletter, we collect your email address and language preference. You can unsubscribe at any time using the link in any email we send.
Analytics and behavioral data
With your consent, we use Google Analytics 4 and Microsoft Clarity to understand how visitors interact with our site. These tools may collect information such as pages visited, time spent, scroll depth, click patterns, and approximate location (country/city level). Your full IP address is anonymized.
Technical data
Our hosting infrastructure (Vercel) and analytics tools automatically process certain technical information required to serve the website: IP address (anonymized), browser type, operating system, and referring URL. We do not use this data to identify you individually.
3. Why We Process Your Data and on What Legal Basis
We only process personal data when we have a valid legal basis to do so. Under GDPR (applicable to EU/EEA residents and UK residents under UK GDPR), the legal bases we rely on are:
- Consent (Article 6(1)(a) GDPR): Analytics cookies, marketing communications, and WhatsApp messaging. These are only activated after you grant permission through our consent banner.
- Contract performance (Article 6(1)(b) GDPR): Processing your inquiry, confirming bookings, and delivering our services.
- Legitimate interests (Article 6(1)(f) GDPR): Fraud prevention, security monitoring, and improving our website based on aggregated usage patterns.
- Legal obligation (Article 6(1)(c) GDPR): Complying with applicable law in Cameroon and the jurisdictions where we operate.
For visitors from California (USA), our processing is also aligned with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). We do not sell your personal information to third parties.
For visitors from Cameroon and other African Union member states, our data processing practices comply with Cameroon Law No. 2010/012 of 21 December 2010 on Cybersecurity and Cybercrime and are guided by the principles of the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention, 2014).
4. Third-Party Service Providers
To operate our website and deliver our services, we work with carefully selected third-party service providers. These providers support us with secure website hosting, database management, authentication, email delivery, booking management, video meetings, analytics, security, and website performance improvement.
These providers process personal data only where necessary for the purposes described in this Privacy Policy. Depending on how you interact with our website, this may include your name, email address, phone number, company name, project details, booking information, communication data, device information, IP address, browser information, and website usage data.
Analytics and website behavior measurement tools are used only where legally required consent has been given. You can manage or withdraw your consent through our cookie settings.
Some providers may process data outside your country or region. Where required, we use appropriate safeguards such as contractual protections, data processing agreements, and transfer mechanisms required by applicable data protection laws.
We do not sell, rent, trade, or share your personal data for unrelated third-party marketing purposes.
5. International Data Transfers
Some of our technology providers may process data on servers located in the United States or other countries outside the EU/EEA. Where this occurs, transfers are carried out under appropriate safeguards, including the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreements (IDTAs) where applicable.
As a Cameroon-based business serving a global clientele, we acknowledge that cross-border data flows are an inherent part of our operations. We take reasonable steps to ensure that any international transfer is subject to an adequate level of protection.
7. How Long We Keep Your Data
We keep your data only as long as necessary for the purpose it was collected:
- Inquiry and contact form submissions: Retained for 3 years after the last interaction, or until you request deletion.
- Booking records: Retained for 5 years for business and accounting purposes.
- Newsletter subscriptions: Retained until you unsubscribe. After unsubscription, your email is marked inactive and purged after 90 days.
- Analytics data: Website usage and behavioral data retained for up to 26 months; session recording data for up to 13 months.
- Server logs: Retained for up to 90 days by our hosting infrastructure.
8. Your Rights
Depending on your location, you have certain rights over your personal data. We respect these rights for all our users, regardless of jurisdiction.
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Ask us to correct inaccurate or incomplete data.
- Right to erasure ('right to be forgotten'): Ask us to delete your personal data, where no legal obligation requires us to retain it.
- Right to restriction of processing: Ask us to limit how we use your data in certain circumstances.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
EU / EEA and UK residents
You have the right to lodge a complaint with your national data protection authority. In Germany, this is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI), or the supervisory authority in your federal state. In the UK, this is the Information Commissioner's Office (ICO).
California residents (CCPA / CPRA)
California residents have the right to know what personal information is collected about them, the right to delete personal information, the right to correct inaccurate information, the right to opt out of the sale or sharing of personal information (we do not sell personal information), and the right to non-discrimination for exercising these rights.
To exercise any of these rights, email hello@dovmadigital.com with the subject line 'Data Rights Request'. We will respond within 30 days.
9. Children's Privacy
Our services are intended for businesses and professionals. We do not knowingly collect personal data from children under the age of 13. If you believe a child has submitted personal information to us, please contact us immediately at hello@dovmadigital.com and we will delete it promptly. This policy is consistent with the US Children's Online Privacy Protection Act (COPPA).
10. How We Protect Your Data
We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include:
- TLS encryption for all data transmitted to and from our website
- Row-level security (RLS) on our database to enforce strict access controls
- Role-based access control in our admin system, so team members only access data required for their role
- Secure environment variable management for all API keys and credentials
No method of transmission or storage is 100% secure. If you have concerns about the security of your data, contact us at hello@dovmadigital.com.
11. Email Communications
Our email communications comply with the US CAN-SPAM Act. Every marketing email we send includes a clear sender identity, an honest subject line, our physical address, and a working unsubscribe link. We honor all unsubscribe requests promptly. Transactional emails (booking confirmations, inquiry responses) are not subject to the same opt-out requirements but can be minimized on request.
12. Changes to This Policy
We may update this Privacy Policy from time to time as our practices evolve or as required by law. When we make material changes, we will update the 'Last Updated' date at the top of this page. We encourage you to review this policy periodically.
13. Contact Us
For any questions, requests, or concerns related to your privacy, please contact our data team:
- Email: hello@dovmadigital.com
- WhatsApp: +49 157 57890197
- Address: DOVMA Digital, Yaoundé, Cameroon