Privacy Policy

Introductory Notes

This document represents the official Privacy Policy of MLADEN SAVIĆ PR HOSTING TRUE-FALSE BELGRADE – ZVEZDARA, VAT: 113369208, available at the internet domain: https://truefalsehosting.rs (hereinafter referred to as the Platform).

Data processing conducted on this website is in accordance with the Serbian Law on Personal Data Protection (“Official Gazette of RS”, no. 87/2018) and the Personal Data Protection Policy of the business entity. It governs the relationship between the Data Controller and individuals whose personal data is processed as Data Subjects:

  1. Data Controller – The business entity MLADEN SAVIĆ PR HOSTING TRUE-FALSE BELGRADE – ZVEZDARA, VAT: 113369208 (hereinafter: the Owner of the Platform);
  2. Data Subject – The individual who submits personal data through designated areas of the Platform (hereinafter: the User of the Platform).

This Privacy Policy has the legal nature of a contract. It is a contract of adhesion, meaning that the User of the Platform has the opportunity to accept or reject this Privacy Policy. If the User of the Platform rejects the Privacy Policy, they will not be granted access to certain functions of the Platform.

The contract is concluded between the Owner of the Platform (Data Controller) and the User of the Platform at the moment the User consents to the processing of data through the Platform.

The Privacy Policy is accepted through the active action of the individual, confirming that they have read and understood this Privacy Policy.

If the User of the Platform has difficulty understanding the Privacy Policy or their rights concerning personal data protection, they may contact the Data Protection Officer of the Owner of the Platform (see Article 13).

The purpose of the Privacy Policy is to ensure the safe processing of the personal data of Platform Users, to establish the scope, method, purpose, and legal basis for processing personal data through the Platform.

Subject

Article 1.

The subject of this Privacy Policy is the relationship that arises between the Data Controller/Owner of the Platform and the User of the Platform regarding data processing via the Platform, available at https://truefalsehosting.rs/.

Types of Data

Article 2.

The Owner of the Platform collects the following personal data from the Platform Users when selecting and purchasing services:

  1. If the User is an individual:
    • Email address,
    • Full name,
    • Phone number,
    • Password (self-chosen for this purpose);
    • Residential address and postal code,
  2. If the User is a legal entity:
    • Business name of the company,
    • Company registration number,
    • Tax identification number (TIN),
    • Contact information of an employee.

Purpose of Data Collection

Article 3.

The purpose of collecting personal data as specified in Article 2, Paragraph 1, Items 1 and 2, is to allow the User access to the Platform and enable them to access the digital services they wish to purchase or have purchased from the Owner of the Platform. A detailed list of services is available at: https://truefalsehosting.rs.

The secondary purpose of collecting the email address specified in Article 2, Paragraph 1, Item 1, is to inform the User about offers from the Owner of the Platform through an email marketing system, which the User may choose to accept or decline.

The purpose of collecting personal data as specified in Article 2, Paragraph 1, Item 3, is for payment processing via credit card to complete the purchase of the selected service.

When entering credit card information, confidential information is transmitted through the public network in protected (encrypted) form using SSL protocols and PKI systems.

The security of data during payment is guaranteed by the payment card processor, owned by NLB Komercijalna banka AD Belgrade, and the entire payment process is carried out on the bank’s pages. At no time is the credit card data available to our system.

Legal Basis for Data Collection

Article 4.

The legal basis for collecting personal data, as outlined in Article 2, Paragraph 1, is the contract entitled Terms of Use. This contract grants the User of the Platform the right to access digital services provided by the Owner of the Platform, which primarily includes contracts for the purchase or lease of services. Additionally, since the Owner of the Platform offers domain registration with competent authorities, the legal basis for collecting personal data includes both international and domestic regulations governing this area and specifying the personal data required for submission.

The legal basis for collecting personal data, as outlined in Article 2, Paragraph 2, is the execution of a sales contract for one of the services. When a User purchases a selected service via the Platform, payment must be made to complete the transaction. The data in this category is collected solely for the conclusion of the contract and is not collected if the User has not purchased a service via the Platform.

Data Protection

Article 5.

The collected data is stored electronically in databases with limited access, granted only to specific personnel within the Owner’s business entity. The electronic system is protected by antivirus software.

The hosting company is obliged to handle personal data encountered through the Platform in the same way as the Owner of the Platform.

In the event of a significant risk to the data or a major data security breach, such as data leakage, hacking, or database theft, the Owner of the Platform will notify the Commissioner for Information of Public Importance and Personal Data Protection.

If there is suspicion of unauthorized access to the Owner’s IT devices, the passwords will be immediately changed, and other necessary measures will be implemented to prevent future activities that may compromise the security of personal data.

Data Retention Period

Article 6.

Personal data will not be retained longer than necessary to achieve the purpose for which it was processed. If the retention period is prescribed by law, the Owner of the Platform will retain the data for the statutory period. Once the purpose is fulfilled, or the legally prescribed retention period expires, the data will be permanently deleted.

In certain cases, personal data may be retained for a longer period to fulfill legal obligations or establish, exercise, or defend legal claims in accordance with applicable laws.

Any User of the Platform may request the deletion of their personal data at any time.

Links (Backlinks)

Article 7.

The Platform may contain links to other websites that are not controlled by the Owner of the Platform and are not subject to this Privacy Policy. If a User of the Platform accesses other websites via these links, the operators of those websites may collect data from users, which they will use in accordance with their privacy policies, which are not required to comply with this Privacy Policy.

Cookies

Article 8.

The Platform uses cookies to enhance the user experience.

For more information about cookies, Users of the Platform can refer to the Cookie Policy, which is a separate document.

Automated Decision-Making and Profiling

Article 9.

The Owner of the Platform does not engage in automated decision-making or profiling.

Rights of Data Subjects

Article 10.

Individuals whose data is processed via the Platform have the following rights concerning personal data protection:

– Right to information – Employees and other individuals whose data is processed have the right to be informed about their rights, obligations, and the matters relating to the processing of their personal data, as provided by the Law on Personal Data Protection (ZZPL), even before the processing begins.

– Right of access – Employees and other individuals whose data is processed have the right to request access to their personal data, as well as the right to inquire about the nature, purpose, and scope of the processing.

– Right to rectification and completion – After accessing their data, individuals whose data is processed have the right to request rectification, completion, or updating of their processed personal data.

– Right to erasure – Individuals whose data is processed have the right to request the erasure of their personal data, in accordance with the Law on Personal Data Protection (ZZPL), as well as the right to request the cessation or temporary suspension of processing.

– Right to withdraw consent – In cases where the legal basis for processing personal data is the consent of the individual, the individual has the right to withdraw their consent at any time in writing.

– Right to restrict processing – Individuals whose data is processed have the right to request that the processing of their personal data be restricted, in accordance with the Law on Personal Data Protection (ZZPL).

– Right to data portability – Individuals whose data is processed have the right to request the transfer of their personal data to another data controller, when technically feasible, provided that the personal data is structured and in a machine-readable format.

– Right to object and automated decision-making – If they believe it is justified due to their particular situation, individuals whose data is processed have the right to object to the processing of their data at any time. They also have the right to not be subject to decisions based solely on automated processing, including profiling, if such decisions produce legal effects or significantly affect their position.

The User of the Platform has the right to object to the processing of their personal data for direct marketing purposes and may request the restriction of processing in other circumstances.

If the Owner of the Platform intends to further process personal data for a purpose different from that for which the data was collected, they are required to inform the User of the Platform of this new purpose and provide all relevant information in accordance with the right to be informed.

Transfer of Data to Third Parties

Article 11.

The Owner of the Platform transfers data to companies that provide selected services on behalf of and under the instructions of the Owner of the Platform. The data is used solely for the purpose for which it was transferred.

The Owner of the Platform transfers data outside the country, as the data is stored on servers located in Germany and the Netherlands.

The Owner of the Platform does not transfer data outside the country or to third parties, either domestically or internationally, except with the explicit consent of the individual and in exceptional cases prescribed by law. Personal data will only be provided to public authorities when legally required.

In the event of the sale of the business entity, the Owner of the Platform, the databases will be handled in accordance with the law and may become the property of the purchaser of the Platform or the Owner of the Platform. In such a case, the purchaser will be bound by all previously signed agreements between the Owner of the Platform and the User of the Platform, including the Terms of Use and this Privacy Policy.

Mechanisms for Protecting Personal Data

Article 12.

Mechanisms for the protection of personal data available to individuals who believe their data has been compromised include internal and external mechanisms. Internally, individuals may report their concerns to the Data Protection Officer at the business entity, the Owner of the Platform. Externally, individuals may seek protection through competent public authorities.

Data Protection Officer

Article 13.

The Data Protection Officer of the Owner of the Platform can be contacted by the User of the Platform regarding any issues related to personal data protection at the email address: office@truefalsehosting.rs.

In the event of any data breaches or in the case of requests to exercise any rights, the User of the Platform has the right to contact the Data Protection Officer.

If the User of the Platform is dissatisfied with the response of the Owner of the Platform or the Data Protection Officer, they have the right to lodge a complaint with the competent public authority regarding personal data protection rights.

Competent Public Authority

Article 14.

The competent public authority for personal data protection in the Republic of Serbia is the Commissioner for Information of Public Importance and Personal Data Protection. The User of the Platform may contact the Commissioner at Bulevar kralja Aleksandra 15, 11000 Belgrade, Republic of Serbia, by email (office@poverenik.rs) or by phone (+381 11 3408 900).

Changes to the Privacy Policy

Article 15.

The Owner of the Platform reserves the right to modify this Privacy Policy at any time, as deemed appropriate, and all changes will take effect on the date of publication. You will be notified of any significant changes, and in the event of substantial changes, Users of the Platform will be asked to reconfirm their consent to this contract.

Final Provisions

Article 16.

For any matters not covered by this agreement, the provisions of the Law on Personal Data Protection (“Official Gazette of RS”, no. 87/2018) and other regulations of the legal system of the Republic of Serbia will apply.

Article 17.

In the event of a dispute arising from this agreement, the competent court in Belgrade, Serbia, will have jurisdiction.

In Belgrade,

On February 5, 2024.