Privacy Policy

---

Introductory remarks

This agreement represents the official Privacy Policy of the website MLADEN SAVIĆ PR HOSTING TRUE-FALSE BELGRADE - ZVEZDARA PIB: 113369208, which is located at the Internet domain: https://truefalsehosting.rs (hereinafter: Platform).

The data processing carried out on the website is in accordance with the Law on the Protection of Personal Data ("Official Gazette of the RS", No. 87/2018) and the Rulebook on the Protection of Personal Data of a Business Entity, and represents the relationship between the Controller and the Person whose data is processed as processing subjects:

1. The operator is the business entity MLADEN SAVIĆ PR HOSTING TRUE-FALSE BELGRADE - ZVEZDARA PIB: 113369208, (hereinafter: Platform Owner);
2. The person whose data is processed is a natural person who submits personal data on the Platform, in the place provided for that (hereinafter: Platform User).

The privacy policy has the legal nature of a contract.

The contract is concluded between the Platform Owner (Operator) and the Platform User, and at the moment of consent to the processing of data through the Platform, by the Platform User.

The privacy policy is accepted by the active action of the person who thereby confirms that he has read and understood this privacy policy.

In the event that the Platform User has problems with understanding the Privacy Policy, that is, his rights in connection with the protection of personal data, he may contact the Personal Data Protection Officer of the Platform Owner (Article 13).

The purpose of the privacy policy is to enable the safe processing of personal data of the Platform User, that is, to establish the scope, method, purpose and legal basis of the processing of personal data through the Platform.

Subject

Article 1.

The subject of the Privacy Policy is the relationship between the Operator/Owner of the Platform and the Users of the Platform, regarding the processing of data through the Platform of the website at the internet domain https://truefalsehosting.rs/.

Types of data

Article 2.

The Platform Owner collects the following personal data of the Platform User through the Platform, when selecting and purchasing a service:

1. If the user is a natural person:
   • Have an address, 
   • name and surname  
   • Phone numbers
   • password (independently chosen for this purpose);
   • Residential address and postal code, 
2. If the user is a legal entity:
   • Business name of the company
   • Registration number of the company
   • Pib 
   • Contact details of the employee 

Purpose of data collection

Article 3.

The purpose of collecting personal data from Article 2, paragraph 1, points 1 and 2 is to access the Platform, i.e. enabling the Platform User to access the digital services that he wants to buy or has bought from the Platform Owner, through the Platform. https://truefalsehosting.rs . 

The secondary purpose of collecting email addresses from Article 2, Paragraph 1, Point 1 is to inform about the offers of the Platform Owner, through the email marketing system, which the user can accept or reject. 

The purpose of collecting personal data from Article 2, paragraph 3, is to pay by payment card in order to purchase the selected service.

When entering payment card data, confidential information is transmitted via a public network in a protected (encrypted) form using the SSL protocol and PKI system.

Data security during purchases is guaranteed by the payment card processor, owned by NLB Komercijalna banka AD Beograd, so the entire payment process is carried out on the bank's website.

Legal basis of data collection

Article 4.

The legal basis for the collection of personal data referred to in Article 2, paragraph 1, is the contract entitled Terms of Use of the Site, according to which the Platform User has the right to access the services of the digital society offered by the Platform Owner. 

The legal basis for the collection of personal data referred to in Article 2, paragraph 2, is the implementation of a contract for the purchase and sale of one of the services.

Data protection

Article 5.

Collected data is stored in electronic form, in databases to which a limited number of persons in the legal entity Platform Owner have access.

The hosting company is obliged to treat the personal data it comes into contact with in connection with the Platform in the same way as the Platform Owner treats this data.

In the event of a major risk to data or a major threat to data, such as a data leak, hacker attack, database theft, the Platform Owner will notify the Commissioner for Information of Public Importance and Protection of Personal Data.

In case of suspicion of unauthorized access to computer devices owned by the Platform Owner, the Platform Owner will change the passwords as soon as possible and take other necessary measures to prevent future activities that violate the security of the Platform User's personal data.

Data retention period

Article 6.

Personal data will not be kept longer than is necessary to achieve the purpose for which it was processed.

In certain cases, personal data may be stored for a longer period of time, for the purposes of fulfilling legal obligations or for the establishment, exercise or defense of a legal claim, in accordance with applicable laws.

Each User of the Platform can request the deletion of his personal data at any time. 

Links (backlinks)

Article 7.

The Platform in question may contain links to other sites that are not under the control of the Platform Owner and are not subject to this Privacy Policy.

Cookies

Article 8.

The platform uses cookies to improve the user experience.

The Platform User can be informed about the way cookies are used via Cookie Policy, which is a separate document.

Automated decision making and profiling

Article 9.

The Platform Owner does not make decisions and does not perform automated profiling.

Rights of persons whose data is processed

Article 10.

The person whose data is processed through the site has the following rights regarding the protection of personal data:

- Right to information - Employees and other persons to whom the data refer have the right to be informed about their rights, obligations and about issues related to the processing of their personal data, in the sense of ZZPL, even before the processing of such data begins.

- Right to access - Employees and other persons to whom the data refer have the right to request the Company to provide access to their personal data, i.e. the right to determine the subject, method, purpose and scope of the processing of that data, as well as to ask questions about the processing itself.

- The right to correction and amendment - After the inspection, the persons to whom the data refer have the right to request from the Company the correction, amendment, or updating of the processed personal data.

- Right to erasure - The person to whom the data relates can request from the Company the erasure of their personal data in accordance with the ZZPL, as well as the interruption or temporary suspension of processing.

- Right to withdraw consent for processing - In situations where the legal basis for processing personal data is the consent of the person to whom the data refer, that person has the right to withdraw the given consent at any time, in writing.

- Right to restriction of processing - The person to whom the data refers, in accordance with the ZZPL, has the right to request from the operator that the processing of his personal data be restricted.

- The right to data portability - The person to whom the data refers can request the transfer of personal data to another operator, when it is technically feasible, that is, when the personal data, which is the subject of the transfer request, is in a structured and machine-readable format.

- The right to object and automated individual decision-making - If he considers that it is justified in relation to the particular situation in which he is, the person to whom the data refers has the right to submit an objection to the processing of his data at any time to the controller, as well as that a decision made solely on the basis of automated processing, including profiling, is not applied to that person, if that decision produces legal consequences for that person or that decision significantly affects his position.

The user of the Platform has the right to object to the processing of personal data for the purpose of direct marketing and to request the restriction of processing in some other cases.

If the Platform Owner intends to further process personal data for another purpose that is different from the one for which the data was collected, he is obliged to provide the Platform User with information about that other purpose, as well as all relevant information in accordance with the right to information of the person whose data is being processed, before starting further processing.

Transfer of data to third parties

Article 11.

The Platform Owner transfers the data to the company that provides the selected services on behalf of and at the behest of the Platform Owner.

The Platform Owner exports the data from the country, as the data is stored on servers located in Germany and the Netherlands.

The Platform Owner does not export data from the country and does not transfer data to third parties in the country and abroad, except with the express consent of the person and in exceptional, legally prescribed situations, without the permission of the Platform User.

In case of sale of the business entity, the Platform Owner, the databases will be disposed of in accordance with the law and they may become the property of the Platform buyer or the Platform Owner.

Personal data protection mechanisms

Article 12.

The personal data protection mechanisms that are made available to any person who believes that their data is threatened or violated are internal and external mechanisms.

The person in charge of personal data protection

Article 13.

The Personal Data Protection Officer of the Platform Owner can contact the Platform User, regarding all personal data protection issues, via email office@truefalsehosting.rs.

In case of any violation of personal data, in the case of a request to exercise any right, the Platform User has the right to contact the person in charge of personal data protection.

In the event that the Platform User is not satisfied with the response of the Platform Owner, i.e. the Person responsible for the protection of personal data at the Platform Owner, and upon the request to fulfill the rights regarding the protection of personal data, he has the right to file a complaint with the competent authority.

Competent authority

Article 14.

The competent authority for the protection of personal data on the territory of the Republic of Serbia is the Commissioner for Information of Public Importance and Protection of Personal Data.

Changes to the Privacy Policy

Article 15.

The Platform Owner reserves the right to modify this Privacy Policy at any time it deems appropriate, and all modifications shall take effect on the day of their publication.

Final provisions

Article 16.

The provisions of the Law on the Protection of Personal Data ("Official Gazette of the RS", No. 87/2018), as well as other regulations of the legal system of the Republic of Serbia, will apply to all matters not regulated by this contract.

Article 17.

In the event of a dispute arising from this contract, the court in Belgrade, Serbia is competent.

In Belgrade,

On 05.02.2024.