Last updated: 03.02.2026
1. WHO WE ARE (DATA CONTROLLER) AND HOW TO CONTACT US
Controller: [FULL LEGAL NAME], [LEGAL FORM] (the “Company”, “we”, “us”)
Registered office / seat: [ADDRESS]
Company registration / ID: [REGISTRATION NUMBER / PIB / MB]
Email (privacy contact): [EMAIL]
Phone: [PHONE]
Website / Online store: [URL]
Data Protection Officer (if appointed): [NAME], [EMAIL], [PHONE]
2. SCOPE AND DEFINITIONS
This Privacy Policy explains how we collect and use personal data in connection with (i) the operation of our online store and website; (ii) the sale and delivery of goods/services; and (iii) our communications and customer support. It applies to customers, prospective customers, website visitors, and representatives of business customers (“you”).
Where the General Data Protection Regulation (EU) 2016/679 (“GDPR”) is applicable (e.g., if we are established in the EEA or target EEA individuals), we apply GDPR standards. We also process personal data in accordance with the Serbian Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti) and other applicable laws.
3. CATEGORIES OF PERSONAL DATA WE PROCESS
Depending on how you interact with us, we may process the following categories of personal data:
Identification and contact data: Name, surname, username, email address, phone number, billing and delivery address, language and communication preferences.
Order and contract data: Order details, products/services purchased, purchase history, delivery status, invoices/receipts, correspondence relating to orders, returns and complaints.
Payment and refund data: Payment status, transaction identifiers, refund details; bank account number (only if needed for refund). Payment card data is processed directly by our payment service providers (we do not store full card details).
Account and authentication data: Account credentials (stored in a secure, encrypted/hashed form, as applicable), login history, security tokens and related technical identifiers.
Technical and usage data: IP address, device identifiers, browser type, operating system, timestamps, pages viewed, referral source, cookies and similar technologies.
Business customer representative data: Name, business email/phone, role/position, and communications with us.
Legal and compliance data: Information necessary to comply with legal obligations or to establish, exercise or defend legal claims (e.g., dispute and complaint records).
Optional data you provide: Any information you choose to provide when you contact us (e.g., via forms, chat, or email).
4. SOURCES OF PERSONAL DATA
We collect personal data:
Directly from you (e.g., when you create an account, place an order, contact us, or participate in promotions);
Automatically through your use of our website (e.g., log files, cookies, analytics);
From third parties involved in providing our services (e.g., payment providers, couriers, IT/hosting providers), strictly as necessary to perform our contract and run our business;
From public sources where lawful and relevant (e.g., company registers for business customers).
5. PURPOSES AND LEGAL BASES
We process personal data only where we have a lawful basis. The main purposes and legal bases are:
Account registration and administration: Contract / pre-contractual steps (GDPR Art. 6(1)(b) and Art. 13 of the Law on Personal Data Protection of the Republic of Serbia).
Order processing, delivery, returns, warranties, customer support: Contract / pre-contractual steps.
Issuing invoices and accounting/tax compliance: Legal obligation.
Fraud prevention, security, and protection of our systems: Legitimate interests (security, fraud prevention).
Marketing communications (direct marketing): Consent (opt-in) and opt-out mechanisms; see Section 6.
Marketing to prospects (newsletters, promotions): Consent (where required).
Analytics and service improvement: Legitimate interests; cookies/trackers may require consent depending on applicable e-privacy rules.
Handling disputes, claims, and regulatory requests: Legal obligation and/or legitimate interests; establishment, exercise or defense of legal claims.
6. MARKETING COMMUNICATIONS (DIRECT MARKETING)
Scope
We may send you marketing communications (e.g., newsletters, promotions, product updates, discount codes) via e-mail, SMS, push notifications or similar electronic channels.
Legal basis
(a) Consent (opt-in): We will send electronic marketing communications to individuals only if you have provided your prior consent (opt-in), where required by applicable law. You may withdraw your consent at any time.
(b) Non-marketing / service messages: Messages strictly necessary to perform a contract or provide requested services (e.g., order confirmations, delivery updates, payment status, customer support replies, security notices) are not marketing communications.
Where we communicate with business contacts acting in a professional capacity, different rules may apply depending on the channel and applicable law; we will always provide a simple opt-out.
How we obtain consent
You may provide consent by ticking an optional marketing checkbox, subscribing to our newsletter, or through similar opt-in mechanisms. Consent is not a condition for purchasing our products/services unless expressly stated.
Opt-out / Withdrawal
Each marketing e-mail contains an “unsubscribe” link. You can also opt out by contacting us at [EMAIL] or by using your account preferences (if available). For SMS, you may opt out by following the instructions in the message. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Right to object to direct marketing
You have the right to object at any time to the processing of your personal data for direct marketing purposes, including related profiling. If you object, we will stop processing your personal data for direct marketing without undue delay.
Data used for marketing
Depending on the context, we may use contact details (e.g., e-mail, phone), marketing preferences, purchase history, and interaction data (e.g., newsletter opens/clicks) to manage, measure and improve marketing communications. We do not use special categories of personal data for marketing.
Service providers
We may use marketing service providers (e.g., e-mail/SMS platforms) acting on our instructions as processors under written agreements. We do not sell your personal data.
7. WHETHER YOU MUST PROVIDE PERSONAL DATA
Some personal data is necessary to enter into and perform a contract with you (e.g., name, delivery address, and contact details). If you do not provide mandatory data, we may be unable to process your order or provide requested services. Other data is optional (e.g., marketing preferences) and you can choose whether to provide it.
8. RECIPIENTS AND PROCESSORS
We may share personal data with:
Payment service providers (for payment processing);
Delivery and logistics partners (couriers);
IT and cloud providers (hosting, email/SMS delivery, customer support/CRM, analytics and security tools), acting as processors or independent controllers depending on the service;
Marketing communication providers (e-mail/SMS/push platforms), where used;
Professional advisors (lawyers, accountants, auditors) where necessary;
Public authorities and regulators, courts, and law enforcement where required by law or to protect our rights.
We use processors under written agreements that require appropriate security and confidentiality and restrict processing to our instructions.
9. INTERNATIONAL TRANSFERS
If we transfer personal data outside Serbia and/or the EEA, we ensure an adequate level of protection through recognized mechanisms (e.g., adequacy decisions, standard contractual clauses, or other safeguards), and we provide information about the safeguards upon request.
10. DATA RETENTION
We retain personal data only for as long as necessary for the purposes described above, unless a longer retention period is required or permitted by law (e.g., accounting, tax, consumer protection, and dispute-related retention). Retention periods depend on the category of data and the applicable document retention rules. Once retention expires, we delete or anonymize the data, or archive it where permitted.
Illustrative retention (to be tailored to local requirements):
Order and invoice data: retained for the statutory accounting/tax retention period;
Customer account data: retained while the account is active, and for a limited period thereafter unless we must keep it longer for legal reasons;
Marketing consents: retained until withdrawn or for as long as needed to demonstrate compliance;
Dispute and complaint records: retained for the duration of the dispute and relevant limitation/appeal periods.
11. SECURITY
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, disclosure, or destruction, taking into account the state of the art, implementation costs, and the nature of the processing. Measures may include access controls, encryption in transit, backups, logging, and staff confidentiality obligations.
12. YOUR RIGHTS
Subject to applicable law and conditions, you may exercise the following rights:
Access to your personal data and a copy of it;
Rectification of inaccurate or incomplete data;
Erasure of data (in certain cases);
Restriction of processing (in certain cases);
Objection to processing based on legitimate interests (in certain cases);
Data portability (where applicable);
Withdrawal of consent at any time (where processing is based on consent);
Lodging a complaint with the competent supervisory authority.
To exercise your rights, please contact us using the details in Section 1. We may need to verify your identity. We will respond within the time limits prescribed by law.
For marketing-related opt-out/withdrawal and the right to object to direct marketing, please see Section 6.
13. SUPERVISORY AUTHORITY (SERBIA)
You have the right to lodge a complaint with the Serbian data protection authority:
Commissioner for Information of Public Importance and Personal Data Protection
Address: 15 Bulevar kralja Aleksandra street, 11120 Belgrade, Serbia
Email: office@poverenik.rs
Tel: +381 11 3408 900
Website: www.poverenik.rs
14. COOKIES AND SIMILAR TECHNOLOGIES
We use (i) strictly necessary cookies (always on), (ii) preference cookies, and (iii) analytics/marketing cookies (only where you consent, where required). You can change your preferences at any time via [COOKIE SETTINGS LINK].
15. AUTOMATED DECISION-MAKING
We do not make decisions based solely on automated processing (including profiling) that produce legal effects concerning you or similarly significantly affect you. If this changes, we will inform you and provide meaningful information about the logic involved and the expected consequences.
16. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. The updated version will be published on our website with an updated “Last updated” date. Where required, we will provide additional notice to you.