Register of processors and data recipients
List of processors and recipients that domilinko uses to process your personal data, within the meaning of Article 28 of the GDPR.
Last updated: 6 July 2026
1. Purpose
This register lists the processors and recipients of personal data within the meaning of Article 28 of Regulation (EU) 2016/679 (GDPR) that Espero-Soft Informatiques SRL, operating the domilinko platform, uses to provide its services.
A processor is an entity that processes personal data on behalf of domilinko, on the basis of documented instructions and a data processing agreement compliant with Article 28 of the GDPR. Recipients are entities to which data may be disclosed in connection with the performance of the services.
This register supplements and must be read together with our Privacy Policy, which sets out the purposes, legal bases and your rights regarding the processing of your personal data.
2. Hosting, OVHcloud
Purpose: hosting of the infrastructure and the domilinko platform (servers, databases, application runtime).
Processor: OVHcloud (OVH SAS).
Location: France, European Union.
Safeguards: data is hosted within the European Union. No transfer outside the EU is required for hosting. OVHcloud is bound by a data processing agreement compliant with Article 28 of the GDPR.
3. File storage, Amazon Web Services (AWS S3)
Purpose: secure storage of documents and files (identity documents as part of KYC, tenant rental file documents, energy performance certificate (EPC/PEB), photos of properties and contradictory inventories of fixtures, contractual and generated documents).
Processor: Amazon Web Services (Amazon Web Services EMEA SARL), Amazon S3 service.
Location: European Union, Ireland region (eu-west-1).
Safeguards: files are stored in a region located within the European Union. Access to files is provided through time-limited signed links. AWS is bound by a data processing agreement compliant with Article 28 of the GDPR.
4. Payment, Stripe
Purpose: processing of payments for short-term stays, owner subscriptions and tenant application fees, management of short-term security deposits (card hold / pre-authorisation) and of payouts to owners, as well as fraud prevention. No long-term lease rent is collected by the platform.
Processor: Stripe (Stripe Payments Europe, Ltd. for the European Economic Area, and Stripe, Inc. in the United States).
Location: European Union (Ireland) and United States.
Safeguards: Stripe acts as a processor and, for certain payment operations, as an independent controller under its regulatory obligations. Transfers to Stripe, Inc. in the United States are governed by the European Commission's Standard Contractual Clauses (SCCs) and by Stripe's certification under the EU-US Data Privacy Framework.
5. Mapping and geocoding, Google Maps
Purpose: display of maps and geocoding of property addresses. On public pages, only a deliberately blurred location point (approximately 300 m) is displayed: the exact address of the property is never made public.
Processor: Google Maps Platform (Google LLC).
Location: United States.
Safeguards: transfers to Google LLC in the United States are governed by the European Commission's Standard Contractual Clauses (SCCs) and by Google's certification under the EU-US Data Privacy Framework.
6. Sending of transactional e-mails
Purpose: sending of transactional and notification e-mails (account confirmation, password reset, booking confirmations, messaging notifications and alerts).
Processor: a transactional email provider (identity provided on request), via an SMTP service.
Location: the provider's location is provided on request.
Safeguards: the provider will be bound by a data processing agreement compliant with Article 28 of the GDPR. Any transfer outside the European Union will be governed by the Standard Contractual Clauses and, where applicable, by the EU-US Data Privacy Framework.
7. Identity verification / KYC
Purpose: verification of the identity of tenants and owners (checking of identity documents) as part of the know-your-customer (KYC) process and fraud prevention.
Processor: an identity verification (KYC) provider (identity provided on request).
Location: the provider's location is provided on request.
Safeguards: the provider will be bound by a data processing agreement compliant with Article 28 of the GDPR. Any transfer outside the European Union will be governed by the Standard Contractual Clauses and, where applicable, by the EU-US Data Privacy Framework.
8. Safeguards and contractual framework
Each processor is bound to domilinko by a data processing agreement compliant with Article 28 of the GDPR, which in particular requires processing data only on documented instructions, ensuring the confidentiality of persons authorised to process the data, implementing appropriate technical and organisational security measures, and assisting domilinko in complying with its obligations.
Transfers of personal data outside the European Union are governed in accordance with Articles 44 et seq. of the GDPR, by means of the Standard Contractual Clauses adopted by the European Commission and, where applicable, the certification of the relevant providers under the EU-US Data Privacy Framework.
The use of a sub-processor by any of our processors is subject to prior authorisation and the application of equivalent safeguards.
9. Updating the list
This list may change depending on the providers used by domilinko. Any substantial change (addition or replacement of a processor) is subject to prior information of the data subjects concerned.
You have the right to object, on grounds relating to your particular situation, to the use of a new processor. This right may be exercised by contacting us at dpo@domilinko.com.
10. Contact and exercise of rights
For any question relating to this register, the processors or the exercise of your rights (access, rectification, erasure, restriction, objection, portability), you may contact our data protection officer at dpo@domilinko.com.
For any other request relating to the services, you may write to info@domilinko.com. You also have the right to lodge a complaint with the Belgian Data Protection Authority (APD/GBA).
11. Governing law and disputes
These terms are governed by Belgian law. Failing an amicable resolution, any dispute falls under the exclusive jurisdiction of the Belgian courts.