Privacy Policy

1. Who We Are

Shandoola D.O.O.

Vojvode Stepe 617, 11221 Belgrade, Serbia

Registration No.: 21589608

E-mail: [email protected]

For the purposes of Serbia's Law on Personal Data Protection (Official Gazette RS 87/2018, "LPDP") and—where it applies—the EU General Data Protection Regulation ("GDPR"), Shandoola D.O.O. acts as the data controller.

2. Personal Data We Collect

We do not knowingly collect special-category ("sensitive") data, nor do we carry out automated decision-making or profiling.

3. Purposes & Legal Bases

You may withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.

4. How We Protect Your Data

Hosting: data are stored on secure servers provided by [Name of Hosting Provider, Country].

All traffic is encrypted via TLS/SSL.

Access to back-end systems is restricted, audited, and protected by strong authentication.

Regular backups and software updates are applied.

Where we use third-party service providers (e.g., hosting, e-mail), they act as data processors bound by written Data Processing Agreements.

5. Retention Periods

6. Sharing & Disclosure

We never sell or rent your personal data. We share it only:

• With processors that supply technical infrastructure or e-mail services, solely to provide our website and respond to enquiries; each processor is contractually bound to confidentiality and data protection.
• With competent authorities if required by applicable law, court order, or to protect legal rights.

7. Cookies & Similar Technologies

Our site uses only essential cookies (e.g., session cookies, security tokens, Google reCAPTCHA) to prevent spam and ensure basic functionality. When you first arrive, a cookie banner explains our use of essential cookies; continued browsing implies acceptance. No analytics or advertising cookies are set.

Tip: If you add analytics in future, update this section and provide an opt-in mechanism.

8. International Transfers

Where personal data are transferred outside Serbia or the European Economic Area—for example, to a US-based e-mail provider—we rely on one of the following safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission; or
• An adequacy decision issued for the destination country.

You may request a copy of these safeguards via the contact details in Section 12.

9. Your Rights

Under the LPDP (Arts. 26-36) and, where relevant, the GDPR (Arts. 15-22), you have the right to:

• Access the personal data we hold about you
• Request rectification of inaccurate data
• Request erasure ("right to be forgotten")
• Request restriction of processing
• Object to processing based on legitimate interest
• Receive data in a portable format (data portability)
• Withdraw consent at any time (for consent-based processing)

To exercise any of these rights, e-mail us at [email protected].

If you believe your data-protection rights have been violated, you may lodge a complaint with the Commissioner for Information of Public Importance and Personal Data Protection (Bulevar Kralja Aleksandra 15, 11120 Belgrade; www.poverenik.rs).

10. Children

Our website is not directed to children under 15 years of age. We do not knowingly collect data from minors. If you believe we have unintentionally collected such data, please contact us so we can delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a new "Last updated" date. Material changes will be announced via a site notice or e-mail where feasible.

12. Contact

For any questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact:

Shandoola D.O.O.

E-mail: [email protected]

Postal address: Vojvode Stepe 617, 11221 Belgrade, Serbia