Privacy Policy

This document represents the Privacy Policy (hereinafter: the Policy) of the website: https://coffeeroastingman.rs/ owned by the entrepreneur: MARJAN NJEGRIĆ PR CRAFT TRADING AND HOSPITALITY BUSINESS COFFEE ROASTING MAN KIKINDA.

 

Based on the provisions of the Law on the Protection of Personal Data (“Official Gazette of RS”, No. 87/2018 – hereinafter: the Law), the entrepreneur: MARJAN NJEGRIĆ PR CRAFT TRADING AND HOSPITALITY BUSINESS COFFEE ROASTING MAN KIKINDA, located in Kikinda, Đoke Radaka Street No. 8, MB: 52246059, PIB: 100509522, adopts this Policy.

 

The Policy is an adhesion contract (contract by acceptance), since the user of the website can accept or refuse this Policy. If the user refuses to accept the Policy, certain functionalities of the website, especially purchasing goods, will not be available.

 

The contract Is concluded between the website owner and the user at the moment of ordering goods, as at this point personal data necessary for processing are collected from the user.

 

The user must actively accept this Policy, confirming that they have read, understood, and fully accept the provisions of the Policy.

 

In case of issues with understanding the Policy or exercising rights guaranteed by the Law, the user may contact the website owner using the contact information provided in section: Contact, Chapter II, item 2 of the Policy.

I Subject of the Policy

The Policy is a document aimed at providing necessary information in accordance with Article 23 of the Law, at the moment of collecting personal data from users, defining the manner, purpose, and legal basis for the processing of personal data and providing additional information.

II Contact Information of the Website Owner – Data Controller

Data ControllerThe entrepreneur “MARJAN NJEGRIĆ PR CRAFT TRADING AND HOSPITALITY BUSINESS COFFEE ROASTING MAN KIKINDA”, located in Kikinda, Đoke Radaka Street No. 8, MB: 52246059, PIB: 100509522

 

Contact Information

Email: prodaja@coffeeroastingman.rs

Phone number: +381 62 500 393

III Types of Personal Data Processed by the Controller

When accessing the website:  https://coffeeroastingman.rs/, data is collected via cookies, as defined in a separate document – Cookie Policy, which is shown to the user when accessing the website, and therefore will not be covered by this Policy.

 

When placing an order, the following personal data is collected from the user/customer:

1. Full name 

2. Street and number 

3. City 

4. Country (if from abroad) 

5. Phone number 

6. Email address 

7. Optionally, an additional address if the delivery is to be made to a different address from the one initially provided 

8. Card numbers, in case of payment by credit/debit card (VISA, Maestro, MasterCard, American Express, and possibly other cards used in the Republic of Serbia)

 

For payments by credit card, the card information is entered on the secure page of the bank “Banka Intesa”, and the data transfer over the Internet is encrypted using SSL protocol and PKI system. At no point does the Seller’s system have access to the Customer’s card details.

IV Purpose and Legal Basis for Processing Personal Data

The personal data mentioned above is collected from customers for the purpose of concluding and executing the sales contract, as well as for the proper delivery of the ordered goods.

 

Additionally, the data is processed to address customer complaints.

V Transfer of Data to Third Parties and Outside the Republic of Serbia

Personal data of the customer may be shared with the courier service: Post Express – Public Enterprise “Pošta Srbije”, Belgrade, Takovska Street No. 2, 11120 Belgrade, MB: 07461429, PIB: 100002803. The courier service uses the personal data to deliver the ordered goods.

 

Personal data may also be provided to other courier services if the customer requests delivery through a different service.

 

Certain personal data may be submitted to customs authorities or other relevant authorities when importing/exporting goods outside the Republic of Serbia.

 

In case of damages (ordinary or lost profits), for legal protection of the website owner, personal data may be provided to relevant courts, prosecutors, the Ministry of Internal Affairs of the Republic of Serbia, or other relevant authorities.

 

Personal data will not be transferred outside the Republic of Serbia, except when the customer resides outside Serbia, in which case the data will be provided to the courier service for international transport or to customs authorities for import/export procedures.

VI Rights of the User/Customer

In accordance with the Law, the user/customer is guaranteed the following rights, which they may exercise with the controller via the contact information provided in Chapter II, item 2 of the Policy:

1. Right to access personal data being processed, including the right to request documents containing personal data and their provision. 

2. Right to correct inaccurate or incomplete data. 

3. Right to delete personal data. 

4. Right to restrict the processing of personal data. 

5. Right to object. 

6. Right to contact the Commissioner for Information of Public Importance and Personal Data Protection at the following address: Bulevar kralja Aleksandra No. 15, 11120 Belgrade or via email: office@poverenik.rs.

VII Retention Period

Personal data collected from the user/customer is retained during the performance of the contract. After the goods are delivered, and after a period of 6 months, the personal data will be deleted and not retained in the system.

 

Paper documents, such as receipts from courier services, are kept for a maximum of 6 months, after which the documentation is destroyed.

 

Invoices and other financial documents are kept in accordance with tax and accounting legal regulations and are destroyed after the time periods set by legal regulations.

VIII Protection Measures

The controller will not process personal data for purposes other than those defined in this Policy.

 

The controller processes personal data transparently, fairly, and lawfully, and implements appropriate technical, organizational, and personnel measures to protect the rights and freedoms of customers.

 

Paper documents: The data is stored in a locked office, in specially created file cabinets, and only the founder of the business and authorized employees have access to the office. The documents are destroyed by shredding or burning, ensuring that others cannot access the data.

 

Electronic documents: They are stored on personal computers (in the office mentioned above) of the business owner and authorized employees. Access to the computers is secured by personalized passwords known only to these individuals, ensuring that others cannot access the documentation.

IX Other Provisions

In the case of processing personal data of EU citizens, the controller will adhere to the provisions of GDPR (EU General Data Protection Regulation) and meet the requirements specified by the GDPR.