Privacy Policy

Last updated: 01.10.2025.

Who is the data controller?

What data do we collect and why?

Contact form

Data: full name, company, email, phone, topic/interest, message content.

Purpose: responding to your inquiry, preparing a quote, and arranging the service.

Legal basis: taking steps at the request of the data subject prior to entering into a contract and/or legitimate interest (communication with prospective clients).

Direct communication (email/phone)

Data: everything you share with us in a message or during a call.

Purpose: support, offers, contracting, and service delivery.

Providing and performing the service

Data: contact of the responsible person, service location address, service details, invoicing data.

Legal basis: performance of a contract; legal obligations related to invoicing.

Website security and system logs

Data: IP address, page URL, device/browser type, access time, technical errors.

Purpose: security, abuse prevention, and troubleshooting (legitimate interest).

Analytics and cookies

Data: aggregated traffic data (visited pages, duration, events), without identifying individuals where possible.

Purpose: measuring website performance and improving content.

Legal basis: user consent where required (managed via the cookie banner or browser settings).

Cookies

  • Necessary: enable the core functions of the website.
  • Functional/performance: improve user experience and speed.
  • Analytics: help us understand usage in aggregate form.

The duration depends on the type and your browser/banner settings (from a session to several months). You can change cookie settings in your browser or via the banner, if present.

Who do we share data with?

  • Hosting providers and website maintenance partners.
  • Email and telecommunications providers (sending/receiving messages).
  • Tools for measuring website traffic and performance (in aggregate form).

We enter into appropriate data processing agreements with partners. We do not sell your data to third parties.

Transfers to third countries

If global service providers are used, data may be transferred outside your country. In such cases, appropriate contractual and technical safeguards are applied.

Retention periods

  • Inquiries via form / email correspondence: up to 24 months from the last communication, unless you request deletion earlier or another legal basis applies.
  • Contractual and business documentation: duration of the contractual relationship + up to 5 years for the protection of legal claims.
  • Invoices and accounting records: at least 10 years as required by law.
  • Analytics records and cookies: depending on type and settings (typically 14–26 months or shorter).

Your rights

  • access, rectification, and completion of data,
  • erasure (“right to be forgotten”) and restriction of processing,
  • data portability,
  • objection to processing based on legitimate interest,
  • withdrawal of consent (where consent is the legal basis).

To exercise your rights, write to info@special.co.rs. We will respond within the statutory period. You may also lodge a complaint with the competent data protection authority; we recommend contacting us first.

Data security

We apply technical and organizational security measures (HTTPS, access control, system updates, etc.). However, no system is 100% risk-free; please use strong passwords and up-to-date devices/browsers.

Minors

Our services are not intended for individuals under 16. We do not knowingly collect data about minors. If you believe we have collected such data unintentionally, contact us for deletion.

Automated decision-making

We do not conduct profiling or automated decision-making that produces legal effects concerning you.

Changes to this policy

We may update this policy from time to time. The new version will be published on this page with the update date. We recommend periodic review.

Contact

SPECIAL DOO Belgradeinfo@special.co.rs — +381 63 759 5710