Privacy Policy

1. Dates of issuance of notices on personal data processing

October 25th, 2022.

2. The purpose of the notification on the processing of personal data

By this Notification about the processing of personal data (hereinafter: Notice), users of the site (hereinafter: Service) are informed about all relevant information regarding the processing of user personal data.

Bearing in mind the legal regulations in the field of privacy of personal data of natural persons, primarily the Personal Data Protection Act (hereinafter: ZZPL), it is very important for us that you read this Notice carefully so that you are familiar with the types of personal data that we most often process, for what purposes we process your personal data, who has access to your data, and in particular to make you aware of your rights regarding the processing of personal data.

We take care of the protection of your personal data and fully support your rights as a User provided by the ZZPL. Personal data is any data relating to a natural person whose identity is determined or determinable, directly or indirectly, in particular, based on an identity marker, such as name and identification number, location data, identifiers in electronic communication networks or one, i.e. more features of his physical, physiological, genetic, mental, economic, cultural and social identity.

Questions, complaints, requests and additional information about the Privacy Notice, protection of personal data and about exercising your rights can be sent to the following e-mail address:

3. About us

The Service represents information society service provided by INFOSTUD 3 DOO SUBOTICA, Vladimira Nazora 7, 24000 Subotica, Republic of Serbia, registration number: 20175095, TAX ID: 104505119 (hereinafter: Company). Therefore, in this Notice, “we” and “our” refer to the Company.

By using the services of the Service, you provide us with information, some of which is your personal data. Depending on the purpose, we process your data in the capacity of the controller. The controller is an entity that independently or together with other entities determines the purpose and method of personal data processing. Please familiarize yourself with the content of the Terms of Service before reading the Notice.

4. The legal basis of processing

For some processing purposes, your personal data will be processed based on your consent to the processing of personal data with prior notification of all relevant aspects of the processing. It is important that you know that you can withdraw your consent at any time and without explanation, which results in the termination of further processing.

Also, in some situations, there is a legitimate interest in processing your data, such as when processing is necessary for the purpose of preventing fraud or potential abuse. Your personal data may be processed if the law requires us to do so. Also, your personal data can be processed if the processing is necessary to protect your vital interests. If your personal data is processed under any law requirements or in order to protect your vital interests, we will inform you about it.

5. The purpose of processing, period and data processed

All the data requested is collected for a specific purpose, about which you will always be clearly informed.

Your personal data will be stored for as long as it is necessary to achieve a specific purpose, or until the moment of revocation of the given consent, i.e. until the end of the time period for which you have given us consent for processing, after which the data is deleted or rendered unrecognizable. Exceptionally, your data can be stored even after withdrawing consent or fulfilling its purpose, in situations where it is necessary for the execution of our legal obligation or to submit, realize or defend a legal claim.

Personal data is processed to provide users with the service and functionality offered by the Service, measure usage and improve the Service, protect users and enable them to use the site without interruption while providing support from the user sector. More details about the purposes and timing of the processing of your information can be found below.

6. Our legitimate interest

In order to achieve our business purpose, your personal data is processed based on legitimate interest. Of course, this is performed only if your interest or your fundamental rights and freedoms do not outweigh our legitimate interest. We use legitimate interest to:

  • diagnosed technical problems with the Service;
  • have a better understanding of you as a user through your behaviour, your interests and your preferences;
  • protect our business and provide support to our users;
  • test and develop new products and services and improve existing ones;
  • identify and protect users of the Service and the Service itself from fraud or illegal activities.

By using the Service, you agree that certain employees of the Service may contact you based on your contact information provided by you in order to warn you of certain irregularities and to diagnose technical problems with the Service or in case there is a suspicion that certain fraudulent or illegal activities are taking place (e.g. hacker attacks, sending inappropriate files, spam and the like) in order to protect against unwanted consequences.

The basis of the processing is our legitimate interest as the owner of the Service. For the purpose of protecting the Service, the following data is processed: behaviour on the site (the web pages you have visited), IP address, information about the access device, browser and operating system, and the like.

At any time, you can object to this kind of processing of your personal data at the following e-mail address: For more information about your rights, please see the Your Rights section below.

7. Safety of Your data

In order to secure the data processed, we always strive to apply the necessary standards in the protection of personal data, and to apply all the necessary technical, organizational and personnel protection measures in accordance with the requirements of the valid ZZPL, including, but not limited to: technical protection measures, protection measures related to physical access to the place where data is stored, measures to protect the information security of the data under current regulations, and other measures that are suitable for processing and necessary to ensure the protection of specific personal data. Third parties that process data are also obliged to implement all necessary technical, organizational and personnel measures.

8. Transfer of personal data to other countries

Certain processors who can access personal data are based in foreign countries, primarily in EU member states, i.e. in member states of the Council of Europe Convention 108. The transfer of data to these countries is based on the default level of adequate protection of personal data in those countries, under the law. If some processors have their headquarters outside the above-mentioned group of countries, the disclosure of data would be possible only with the application of the provisions of Article 65 of the ZZPL, which regulates the transfer with the application of appropriate protection measures.

9. Your rights in relation to the personal data processed

  1. TRANSPARENCY: When you provide us with personal data, we will transparently inform you about the purpose for which we need certain data, who uses this data, and we will provide you with all other information relevant to the processing of your data (this right is fulfilled by providing access to this Notice).
  2. RIGHT TO INSPECTION: You have the right to be informed about whether we are processing your personal data, and if we are processing them, you have the right based on the performed inspection to request correction, addition, update, deletion of data, as well as interruption and temporary suspension of processing. How we process your personal data as controllers – you have the right to receive all information from us about the processing in question.
  3. RIGHT TO CORRECTION, AMENDMENT AND UPDATE: Data processed should be accurate and complete. You have the right to have your incorrect personal data corrected without undue delay, i.e. incomplete data supplemented.
  4. RIGHT TO DELETE: You have the right to have your personal data deleted in accordance with the ZZPL. If it is necessary for us to continue processing in order to fulfill our legal obligations (e.g. the Accounting Act and the like) or for the purpose of submitting, exercising or defending a legal claim, we will delete only part of the data that is no longer necessary for us.
  5. RIGHT TO TRANSFERABILITY: If you want from us (I) to receive from us in a structured, commonly used and electronically readable form the personal data that you submitted to us during registration or (II) to transfer to another controller the personal data that you submitted to us as a controller, you have the right to that is what you request from us, provided that the processing is based on consent or a contract and that the processing is carried out by automated means.
  6. RIGHT TO LIMITATION OF PROCESSING: You have the right to request the restriction of processing of your personal data in certain situations.
  7. RIGHT TO OBJECT: You have the right to object to the processing of your personal data based on a legitimate interest.
  8. THE RIGHT TO ADDRESS THE COMPETENT AUTHORITY: the right to submit a complaint to the Commissioner for Access to Information of Public Importance and Protection of Personal Data – Bulevar Kralja Aleksandra No. 15, 11120 Belgrade, phone: +38111 3408 900, e-mail:
  9. ALL OTHER RIGHTS PROVIDED BY LEGAL REGULATION: The person to whom the data refers can exercise his rights by sending a request to the email address

In order to fulfill the above-mentioned requirements, the Company will provide you with all necessary additional information, as well as assistance, in accordance with the conditions and in the manner prescribed by the valid ZZPL. You can exercise your rights by sending a request to the following email address: We will respond to your request as soon as possible, and no later than within 30 days from the date of receipt of the request. In case of complexity or a large number of requests, it is possible that we will need an additional period to respond to the request. That term cannot be longer than 90 days and we will inform you about it separately. If your request is clearly unfounded or is repeated frequently, we may refuse it or charge you the costs of its implementation. It is considered a frequent repetition when you contact us with a request to exercise one of the rights more than once in one year. If you contact us two or more times in one year for the same right, we will respond to your request only if you have a valid reason.

10. Who is access to Your data – Recipients

Depending on the specific purpose, the following may have access to certain data about the user’s personality:

  • Employees of the Company, as well as part-time and similar collaborators (who undertake to keep data confidential), only to the extent that it is necessary for the purposes of the processing.
  • The company, as part of a group of companies, can forward data to its related parties, when necessary and always within the scope of our legitimate interest and defined purpose.
  • Newly established entities or entity acquiring ownership of the Company, if the Company is involved in a merger, acquisition, purchase, sale of shares or other status change.
  • Our partners, who perform certain processing tasks for the Company as processors, such as external collaborators who provide us with certain services, as well as software companies that create and maintain the software in which data is stored.
  • Exceptionally, personal data can also be submitted to the competent state authorities, if this is a legal obligation of the Controller, and only to the extent that it is necessary to fulfil a specific legal obligation.
  • To any other recipient when reasonably necessary, e.g. in case of danger to life.

All recipients are required to take appropriate technical, organizational and personnel measures to protect your personal data. In situations where we are the handlers and the data is processed on our behalf by a third party as a processor, we regulate relations with the processors by contract, which regulates all important aspects of personal data processing as well as protection measures.

List of processors:

  • Google Ireland Ltd (Ireland)
  • Facebook Ireland Limited (Malta)
  • Zoho (USA)

11. Consent and Withdrawal of Consent

If you have given us consent for processing, you can revoke it at any time. In the event that you revoke your consent, we stop further processing of your personal data and delete that personal data within a maximum period of 90 days from the day you sent your withdrawal of consent. The withdrawal of consent is free and you can forward it to the following email address

12. Website Policy

Our website uses different technologies, some of which are controlled by us (first parties) and some of which are controlled by other organizations (third parties).

The technologies used include (but are not limited to) cookies and scripts. Some of them are necessary for the functioning of this website and for our understanding of your use of the website. These technologies are also used for marketing and other purposes, as described below.

The use of cookies enables some functionalities of our website, as well as your better user experience. In order to provide better customer service, our website uses certain external scripts such as Google Analytics, Facebook Pixel, Google Ads and similar, which may collect some of your personal data.

13. Final regulations

This is the latest version of the Notice (October 25, 2022).

This Notice is subject to change. If this Notice is changed or amended, the date of the last version of the document will be entered.