Privacy Policy –
www.dokimazo.io and subdomains
Last Update: 22 December 2025
What this document is
This privacy notice is drafted in accordance with Articles 13 and 14 of European Regulation No. 679/2016 (GDPR) and aims to inform each user (“the User”) about the processing of personal data collected through the website https://dokimazo.io/ (“Site”).
Purposes of Processing, Legal Basis, Personal Data Processed and Retention Period
The Controller collects personal data for the purposes listed below, together with the applicable legal basis and data retention period.
| Purpose | Personal Data | Legal Basis | Retention Period |
|---|---|---|---|
| Website navigation. To allow the User to browse the Website and access related services, in particular to obtain anonymous statistical information on the use of the Website and services and to ensure their proper functioning. | ✓ IP addresses or domain names of devices used to connect to the Website ✓ URI (Uniform Resource Identifier) addresses of requested resources, request time, request method, size of response file, numeric code indicating the response status (success, error, etc.) | Performance of pre-contractual and contractual measures [Art. 6(1)(b) GDPR]; Legitimate interest of the Controller [Art. 6(1)(f) GDPR] | 7 days from collection |
| Website registration and account management | ✓ Personal details (first name, last name) ✓ Contact details (email address) | Performance of pre-contractual and contractual measures [Art. 6(1)(b) GDPR] | Until account deletion by the User or, failing that, 24 months from last access |
| Conclusion, performance and management of the contract with the Controller, including service provision, payment management and communications. Certain services may use AI systems (see “AI-provided services”). | ✓ Personal details (first name, last name) ✓ Contact details (phone number) ✓ Education and professional career data ✓ Other data provided by the User ✓ AI-inferred data (e.g. User skills) | Performance of pre-contractual and contractual measures [Art. 6(1)(b) GDPR] | For the entire duration of the contract and for the time required to comply with legal retention obligations and limitation periods under Articles 2946 et seq. of the Italian Civil Code |
| Customer service and support (email, phone calls, instant messaging services) | ✓ Personal details (first name, last name) ✓ Contact details (phone number, email address) ✓ Details of support requests | Performance of pre-contractual and contractual measures [Art. 6(1)(b) GDPR] | For the time necessary to respond |
| Newsletter – sending information about the Controller’s products, services and events | ✓ Personal details (first name, last name) ✓ Contact details (email address) | Consent [Art. 6(1)(a) GDPR] | Until consent is withdrawn or the User unsubscribes |
| Website and service improvement and AI system training, including evaluation of AI outputs to ensure accuracy, effectiveness and absence of bias | ✓ Personal details (first name, last name) ✓ Contact details (phone number) ✓ Education and professional career data ✓ Other data provided by the User ✓ AI-inferred data (e.g. User skills) | Legitimate interest of the Controller [Art. 6(1)(f) GDPR] | Until User objection or, failing that, 24 months from last access |
| Compliance with legal, accounting and tax obligations | ✓ Personal details (first name, last name) ✓ Contact details (email address, phone number) | Legal obligation [Art. 6(1)(c) GDPR] | As required by applicable law |
| Fraud prevention and exercise of the Controller’s rights before judicial authorities | ✓ Personal details (first name, last name) ✓ Contact details (email address) ✓ IP address ✓ Domain names of devices used to connect to the Website ✓ URI addresses of requested resources and request time | Legitimate interest of the Controller [Art. 6(1)(f) GDPR], including protection against unlawful conduct and the constitutional right of defence (Art. 24 Italian Constitution) | 10 years |
The User may request clarification on the legal basis of each processing activity at any time.
Data Controller and Contact Details
DOKIMAZO S.R.L. BENEFIT COMPANY (hereinafter the “Controller”), with registered office at Via Luciano Manara 15, Milan (MI), Italy – email: welcome@dokimazo.io.
Source of Data
The Controller processes personal data provided by the User during registration on the Website and during the use of related services.
Where the User registers through an account on another platform (e.g. LinkedIn, Google, etc.), the Controller will also process the data received from such provider.
The provision of certain services through artificial intelligence systems involves the processing of personal data inferred by such systems, such as skills included in the Wallet.
AI-Provided Services
To provide certain services requested by the User (purpose C)), data uploaded to the Website may be processed through an artificial intelligence system (“AI”).
AI is used to support the User in compiling and managing their Wallet. In particular, the AI system analyses the information provided by the User to infer relevant skills. The logic of the AI system is based on the comparison between qualifications included in international frameworks and corresponding skills, also taking into account previous user interactions with their Wallet.
The Wallet (including AI-inferred information) may be made public and/or shared with other users depending on the choices made by the User on the Website.
Where requested by the User, AI may also be used to provide an AI assistant allowing other users and/or third parties to obtain information about the User’s Wallet through interaction with the Website chatbot.
Within the Website services, Wallet data may be used by public or private organisations to create and manage competence models for specific roles, assign objectives to employees or collaborators, and monitor training progress.
The User may at any time decide which skills to include in their Wallet (including AI-generated skills) and whether to enable the AI assistant. Therefore, processing does not involve automated decision-making producing legal effects or similarly significant effects on the User.
Nature of the Processing
Providing data for purposes A), B), C) and D) is necessary to use the requested services. Failure to provide such data will make service provision impossible.
Providing data for purpose E) is optional. Refusal to provide consent will not affect Website registration or service use.
Providing data for purpose H) is mandatory to allow the Controller to comply with legal obligations.
Providing data for purposes F) and I) is necessary to pursue the Controller’s legitimate interests.
If the User chooses not to provide mandatory or necessary data, the Controller reserves the right not to provide the service.
Processing Methods
Processing is carried out using automated and/or manual IT and telematic tools, applying appropriate security measures to prevent unauthorized access, disclosure, loss, misuse or unlawful processing.
Access to Data
Website operation may involve sharing personal data with other users and/or third parties depending on the User’s role (learner, education provider, etc.) and actions.
Public Wallet: data contained in the Wallet are freely accessible by other users and third parties on the web.
Private Wallet: data are accessible only to subjects selected by the User.
Personal data may also be shared with:
Internet service providers and platforms used by the Controller;
Consultants and third-party service providers;
Entities involved in mergers, asset sales, financing or acquisitions;
OpenAI OpCo, LLC and OpenAI Ireland Ltd. (“OpenAI”), which provide the AI systems used on the Website. Data shared with OpenAI are anonymised and pseudonymised; OpenAI does not use such data for its own AI training purposes.
All such relationships are governed by contracts pursuant to Art. 28 GDPR.
Personal data are processed by authorised personnel pursuant to Art. 29 GDPR. A list of authorised staff is available upon request at privacy@dokimazo.io.
Place of Data Processing
Personal data may be transferred to third countries outside the EU, including the United States.
Where cloud providers outside the EEA are used, data processing is carried out in compliance with applicable law using appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, or other GDPR-compliant mechanisms.
Data Subject Rights
The User may exercise all rights under Articles 15–21 GDPR at any time by contacting welcome@dokimazo.io. Requests are free of charge and processed within 30 days.
The User may:
obtain confirmation of processing (Art. 15);
request rectification (Art. 16);
request erasure (Art. 17);
request restriction of processing (Art. 18);
receive data in a machine-readable format and request data portability (Art. 20);
object to processing at any time (Art. 21).
Complaints
The User may lodge a complaint with the competent supervisory authority (Italian Data Protection Authority – Garante per la Protezione dei Dati Personali) pursuant to Art. 77 GDPR if they believe their data are processed unlawfully.
Amendments
The Controller reserves the right to amend and update this Privacy Policy following new national or EU legislation on personal data protection.